Date: Mon, 3 Apr 2000 23:44:11 +1000 (EST) From: Bruce Evans <bde@zeta.org.au> To: Alfred Perlstein <bright@wintelcom.net> Cc: Hellmuth Michaelis <hm@hcs.de>, garyj@muc.de, freebsd-current@FreeBSD.ORG Subject: Re: MLEN and crashes Message-ID: <Pine.BSF.4.21.0004032319210.409-100000@alphplex.bde.org> In-Reply-To: <20000403023858.F21029@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 3 Apr 2000, Alfred Perlstein wrote: > * Hellmuth Michaelis <hm@hcs.de> [000403 02:12] wrote: > > >From the keyboard of Bruce Evans: > > > > > It's just a bug to allocate big structs on the kernel stack. > > > > Please specify "big"! :-) > > have a look at src/sys/nfs/nfs_vnops.c: > > line ~2787: > #ifndef NFS_COMMITBVECSIZ > #define NFS_COMMITBVECSIZ 20 > #endif > struct buf *bvec_on_stack[NFS_COMMITBVECSIZ]; > int bvecsize = 0, bveccount; > > I guess 80 bytes is pushing it, some routines are worse, but 2k > is totally out of line. This case is an array of pointers. Big arrays are just as bad as big structs, of course. Having a parameterized array size makes it hard to prove that the size is small enough. > If you're worried about such things happening then you can use > the pre-processor to catch things that may make your structures > too large. This won't work for dynamic arrays. E.g., vm_pageout_flush() uses "int pageout_status[count];". It is not immediately obvious that count < vm_pageout_page_count where vm_pageout_page_count is either 8 or VM_PAGEOUT_PAGE_COUNT = 16. Using a constant array size of VM_PAGEOUT_PAGE_COUNT would be simpler, faster, and wouldn't break K&R support. objdump(1) can be used to find struct sizes. E.g., "objdump --stabs kernel.debug | grep cstate" gives: 18052 LCSYM 0 120 c02b7a00 208921 escstate:V(0,1) 129365 LSYM 0 0 00000000 1929789 cstate:T(55,1)=s244cs_next:(55,2)=*(55,1),0,32;cs_hlen:(7,8),32,16;cs_id:(7,1),48,8;cs_filler:(7,1),56,8;slcs_u:(55,3)=u236csu_hdr:(35,14),0,1888;csu_ip:(54,1),0,160;;,64,1888;; This shows that the last struct member has size 64 bits and offset 1888 bits. The struct size is usually the sum of the last member offset and size. Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0004032319210.409-100000>