Isn't there a problem where the stack can be swapped out?
I seem to recall a case where a swapped-out process caused trouble
because a buffer it had passed was stack-allocated and the process
was then swapped out...
If this is not the case then please disregard.
-Alfred
On 11/2/14, 11:46 PM, Mateusz Guzik wrote:
Author: mjg
Date: Mon Nov 3 07:46:51 2014
New Revision: 274017
URL: https://svnweb.freebsd.org/changeset/base/274017
Log:
Provide an on-stack temporary buffer for small ioctl requests.
Modified:
head/sys/kern/sys_generic.c
Modified: head/sys/kern/sys_generic.c
==============================================================================
--- head/sys/kern/sys_generic.c Mon Nov 3 07:18:42 2014 (r274016)
+++ head/sys/kern/sys_generic.c Mon Nov 3 07:46:51 2014 (r274017)
@@ -649,6 +649,7 @@ sys_ioctl(struct thread *td, struct ioct
u_long com;
int arg, error;
u_int size;
+ u_char smalldata[128];
caddr_t data;
if (uap->com > 0xffffffff) {
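Review bot: The new `smalldata` array in sys_ioctl is a plain `u_char` array, so it has no alignment guarantee beyond one byte, whereas the malloc(9) buffer it replaces for small requests is suitably aligned for any object. ioctl handlers typically cast `data` to a request structure, so a misaligned stack buffer could fault or behave differently on strict-alignment platforms; whether any handler depends on this is not visible from the hunk. Declaring it as `u_char smalldata[SYS_IOCTL_SMALL_SIZE] __aligned(8);` with `#define SYS_IOCTL_SMALL_SIZE 128` would restore the guarantee and give the magic number a name. The function body starts and ends outside this hunk.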
@@ -680,17 +681,18 @@ sys_ioctl(struct thread *td, struct ioct
arg = (intptr_t)uap->data;
data = (void *)&arg;
size = 0;
- } else
- data = malloc((u_long)size, M_IOCTLOPS, M_WAITOK);
+ } else {
+ if (size <= sizeof(smalldata))
+ data = smalldata;
+ else
+ data = malloc((u_long)size, M_IOCTLOPS,
M_WAITOK);
+ }
} else
data = (void *)&uap->data;
if (com & IOC_IN) {
error = copyin(uap->data, data, (u_int)size);
- if (error) {
- if (size > 0)
- free(data, M_IOCTLOPS);
- return (error);
- }
+ if (error != 0)
+ goto out;
} else if (com & IOC_OUT) {
/*
* Zero the buffer so the user always
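Review bot: With the `size <= sizeof(smalldata)` branch, handlers for small requests now receive a pointer into sys_ioctl's own stack frame instead of a heap allocation. A handler that writes more than `size` bytes through `data` would then overwrite adjacent kernel stack rather than a malloc chunk, and nothing in the code records that constraint. The handlers themselves are outside this hunk, so this is a hardening note rather than a confirmed defect. I would add a comment above the branch such as `/* Small requests use the on-stack buffer; handlers must not write past 'size' bytes, and out: must not free it. */`.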
@@ -704,7 +706,8 @@ sys_ioctl(struct thread *td, struct ioct
if (error == 0 && (com & IOC_OUT))
error = copyout(data, uap->data, (u_int)size);
- if (size > 0)
+out:
+ if (size > 0 && data != (caddr_t)&smalldata)
free(data, M_IOCTLOPS);
return (error);
}
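Review bot: The release check at `out:` compares `data` with `(caddr_t)&smalldata`, the address of the whole array, while the assignment earlier uses the decayed `smalldata`. The two have the same value, so the test is correct, but the mismatch makes it harder to see that the two sites pair up. Writing `if (size > 0 && data != (caddr_t)smalldata)` keeps them consistent. A short comment at the label would also help, for example `/* Only malloc'ed buffers are freed; smalldata lives on the stack. */`. The start of sys_ioctl is outside this hunk.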