Date: Wed, 30 Jan 2002 07:02:25 -0800 (PST) From: User JHB <jhb@magnesium.net> To: hackers@FreeBSD.org Cc: jhb@FreeBSD.org Subject: uiomove busted for the past 3 years Message-ID: <Pine.BSF.4.21.0201300655270.85159-100000@toxic.magnesium.net>
next in thread | raw e-mail | index | archive | help
When the DEADLKTREAT flag was added, uiomove() was broken. :) The
problem is that a return() inside of a switch nested inside of a while
loop was converted to a break leading to the following rather silly code:
if (error)
break;
break;
What is supposed to happen is that if there is an error, we break out of
the while loop, but all we do is break out of the switch ignoring the
error and continuing to loop. Thus, in the best case, if copyin or
copyout failed on the last iteration of the loop, we would return an
error, but would bogusly update the counts in the iovec and uio
structures. In the worst case, if we kept looping and later copyin's or
copyout's succeeded, then we wouldn't return an error at all. A quick fix
would be to add a goto to jump to the error return code at the end of the
loop rather than the bogus break if (error). However, I can't test this
at the moment. Someone please verify and fix this. I think it's broken
in RELENG_3 as well if someone is adventurous enough to merge it that
far. I guess copyin/copyout don't fail often.
--
John Baldwin <jhb@FreeBSD.org> <><
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0201300655270.85159-100000>