Date: Mon, 03 Nov 2014 13:45:21 -0800 From: Alfred Perlstein <alfred@freebsd.org> To: Mateusz Guzik <mjg@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r274017 - head/sys/kern Message-ID: <5457F771.3010509@freebsd.org> In-Reply-To: <201411030746.sA37kpPu037113@svn.freebsd.org> References: <201411030746.sA37kpPu037113@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Isn't there a problem where the stack can be swapped out? I seem to recall a problem where a swapped out process was causing problems due to a buffer passed being stack allocated and that process being swapped out... If this is not the case then please disregard. -Alfred On 11/2/14, 11:46 PM, Mateusz Guzik wrote: > Author: mjg > Date: Mon Nov 3 07:46:51 2014 > New Revision: 274017 > URL: https://svnweb.freebsd.org/changeset/base/274017 > > Log: > Provide an on-stack temporary buffer for small ioctl requests. > > Modified: > head/sys/kern/sys_generic.c > > Modified: head/sys/kern/sys_generic.c > ============================================================================== > --- head/sys/kern/sys_generic.c Mon Nov 3 07:18:42 2014 (r274016) > +++ head/sys/kern/sys_generic.c Mon Nov 3 07:46:51 2014 (r274017) > @@ -649,6 +649,7 @@ sys_ioctl(struct thread *td, struct ioct > u_long com; > int arg, error; > u_int size; > + u_char smalldata[128]; > caddr_t data; > > if (uap->com > 0xffffffff) { > @@ -680,17 +681,18 @@ sys_ioctl(struct thread *td, struct ioct > arg = (intptr_t)uap->data; > data = (void *)&arg; > size = 0; > - } else > - data = malloc((u_long)size, M_IOCTLOPS, M_WAITOK); > + } else { > + if (size <= sizeof(smalldata)) > + data = smalldata; > + else > + data = malloc((u_long)size, M_IOCTLOPS, M_WAITOK); > + } > } else > data = (void *)&uap->data; > if (com & IOC_IN) { > error = copyin(uap->data, data, (u_int)size); > - if (error) { > - if (size > 0) > - free(data, M_IOCTLOPS); > - return (error); > - } > + if (error != 0) > + goto out; > } else if (com & IOC_OUT) { > /* > * Zero the buffer so the user always > @@ -704,7 +706,8 @@ sys_ioctl(struct thread *td, struct ioct > if (error == 0 && (com & IOC_OUT)) > error = copyout(data, uap->data, (u_int)size); > > - if (size > 0) > +out: > + if (size > 0 && data != (caddr_t)&smalldata) > free(data, M_IOCTLOPS); > return (error); > } >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5457F771.3010509>