From owner-svn-src-head@FreeBSD.ORG  Mon Nov  3 21:45:24 2014
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 494459A5;
 Mon,  3 Nov 2014 21:45:24 +0000 (UTC)
Received: from elvis.mu.org (elvis.mu.org [IPv6:2001:470:1f05:b76::196])
 by mx1.freebsd.org (Postfix) with ESMTP id 35ACBE87;
 Mon,  3 Nov 2014 21:45:24 +0000 (UTC)
Received: from AlfredMacbookAir.local (unknown [129.253.54.225])
 by elvis.mu.org (Postfix) with ESMTPSA id 47E8C341F84E;
 Mon,  3 Nov 2014 13:45:22 -0800 (PST)
Message-ID: <5457F771.3010509@freebsd.org>
Date: Mon, 03 Nov 2014 13:45:21 -0800
From: Alfred Perlstein <alfred@freebsd.org>
Organization: FreeBSD
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Mateusz Guzik <mjg@FreeBSD.org>, src-committers@freebsd.org, 
 svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r274017 - head/sys/kern
References: <201411030746.sA37kpPu037113@svn.freebsd.org>
In-Reply-To: <201411030746.sA37kpPu037113@svn.freebsd.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Nov 2014 21:45:24 -0000

Isn't there a problem where the stack can be swapped out?

I seem to recall a problem where a swapped out process was causing 
problems due to a buffer passed being stack allocated and that process 
being swapped out...

If this is not the case then please disregard.

-Alfred

On 11/2/14, 11:46 PM, Mateusz Guzik wrote:
> Author: mjg
> Date: Mon Nov  3 07:46:51 2014
> New Revision: 274017
> URL: https://svnweb.freebsd.org/changeset/base/274017
>
> Log:
>    Provide an on-stack temporary buffer for small ioctl requests.
>
> Modified:
>    head/sys/kern/sys_generic.c
>
> Modified: head/sys/kern/sys_generic.c
> ==============================================================================
> --- head/sys/kern/sys_generic.c	Mon Nov  3 07:18:42 2014	(r274016)
> +++ head/sys/kern/sys_generic.c	Mon Nov  3 07:46:51 2014	(r274017)
> @@ -649,6 +649,7 @@ sys_ioctl(struct thread *td, struct ioct
>   	u_long com;
>   	int arg, error;
>   	u_int size;
> +	u_char smalldata[128];
>   	caddr_t data;
>   
>   	if (uap->com > 0xffffffff) {
> @@ -680,17 +681,18 @@ sys_ioctl(struct thread *td, struct ioct
>   			arg = (intptr_t)uap->data;
>   			data = (void *)&arg;
>   			size = 0;
> -		} else
> -			data = malloc((u_long)size, M_IOCTLOPS, M_WAITOK);
> +		} else {
> +			if (size <= sizeof(smalldata))
> +				data = smalldata;
> +			else
> +				data = malloc((u_long)size, M_IOCTLOPS, M_WAITOK);
> +		}
>   	} else
>   		data = (void *)&uap->data;
>   	if (com & IOC_IN) {
>   		error = copyin(uap->data, data, (u_int)size);
> -		if (error) {
> -			if (size > 0)
> -				free(data, M_IOCTLOPS);
> -			return (error);
> -		}
> +		if (error != 0)
> +			goto out;
>   	} else if (com & IOC_OUT) {
>   		/*
>   		 * Zero the buffer so the user always
> @@ -704,7 +706,8 @@ sys_ioctl(struct thread *td, struct ioct
>   	if (error == 0 && (com & IOC_OUT))
>   		error = copyout(data, uap->data, (u_int)size);
>   
> -	if (size > 0)
> +out:
> +	if (size > 0 && data != (caddr_t)&smalldata)
>   		free(data, M_IOCTLOPS);
>   	return (error);
>   }
>