[CALL FOR TESTERS] New system call: abort2()
Wojciech A. Koszek
dunstan at freebsd.czest.pl
Fri Dec 16 13:47:40 PST 2005
On Fri, Dec 16, 2005 at 08:10:57PM +1100, Peter Jeremy wrote:
> On Thu, 2005-Dec-15 22:37:45 +0000, Wojciech A. Koszek wrote:
> > abort2(const char *why, int nargs, void **args);
> >
> >"why" is reason of program abort, "nargs" is number of arguments
> >passed in "args". Both "why" and "args" (with "%p" format) will be
> >printed via log(9). Sample output:
> >[..]
> >pid <3004> <abort2> abort2: ABORT2 <arg0:0x62612f2e>
> >pid <3019> <abort2> abort2: invalid argument
> >[..]
>
> I don't believe the following code is correct. uap->args is a
> userspace pointer so uap->args[i] is dereferencing a userspace
> argument in kernelspace.
> + arg = uargs[i] = (void *) fuword(uap->args[i]);
> I think it should be fuword(uap->args + i);
>
> I don't see the point of the following test. "arg" is printed using
> %p and never de-referenced so there's no reason it can't be NULL. I
> would see that a legitimate use of abort2() is when the application
> detects that a pointer is unexpectedly NULL. Aborting on -1 is less
> clear - if fuword() fails, it will return -1 but, equally, a faulty
> user application may have left -1 in a pointer. (Note that mmap(2)
> returns -1 on error so it's not inconceivable that a pointer could
> contain -1).
>
> + /* Prevent from faults in user-space */
> + if (arg == NULL || arg == (void *)-1) {
> + error = EINVAL;
> + break;
> + }
>
> Taking the above into account, I believe the code should be:
> + if (uap->args == NULL)
> + break;
> + error = copyin(uap->args, uargs, uap->nargs * sizeof (void *));
> + if (error != 0)
> + break;
Of course! Thanks for this comment! Updated version should be available
soon.
--
* Wojciech A. Koszek && dunstan at FreeBSD.czest.pl
More information about the freebsd-hackers
mailing list