svn commit: r212723 - head/sys/compat/linprocfs
des at des.no
Fri Sep 24 23:50:01 UTC 2010
Kostik Belousov <kostikbel at gmail.com> writes:
> This is easy to fix, isn't it? But there seem to be many more nits.
> First, allocating 512 * sizeof(char *)-byte object on the stack is not
> Second, the initialization of iov_len for reading the array
> of string pointers misses '* sizeof(char *)'.
> And third (probably fatal) is the lack of checks that the end of
> array and each string fits into the user portion of the map. I do not
> see why addr that already has u_long type is cast to u_long. Also,
> VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS constants are for the native host
> FreeBSD ABI, they may differ from the target process limits.
Blah, I clearly didn't look closely enough at the final version. The
original patch used malloc() but introduced a potential race condition
due to having to drop the process lock. I wrote a version that used
_PHOLD() / _PRELE() to hold the process across the unlock / malloc /
lock window, but the originator had trouble with it (albeit only in
qemu, not on real hardware), and I wasn't 100% sure my reasoning was
sound, so I accepted his suggested solution. I'll look into this
Dag-Erling Smørgrav - des at des.no
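
The length and bounds checks raised in the second and third review points, sketched as a user-space C example added here (it is not the committed linprocfs code or any version of the patch). The names `struct addr_limits`, `validate_ptr_array` and `clamp_string_read`, and the sample address limits, are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical: user address range [min_user, max_user) of the TARGET
 * process, not the host's compile-time constants. */
struct addr_limits {
    uintptr_t min_user;
    uintptr_t max_user;
};

/* True if [addr, addr + len) lies inside the user range; no wraparound. */
static int range_in_user(const struct addr_limits *lim, uintptr_t addr, size_t len)
{
    if (addr < lim->min_user || addr > lim->max_user)
        return 0;
    return len <= lim->max_user - addr;
}

/* Validate an array of `count` pointers at `addr`; on success store the
 * byte length (count * ptr_size, the factor the review found missing). */
int validate_ptr_array(const struct addr_limits *lim, uintptr_t addr,
                       size_t count, size_t ptr_size, size_t *iov_len)
{
    if (ptr_size == 0 || count > SIZE_MAX / ptr_size)
        return 0;                       /* multiplication would overflow */
    if (!range_in_user(lim, addr, count * ptr_size))
        return 0;                       /* end of array leaves user space */
    *iov_len = count * ptr_size;
    return 1;
}

/* Bytes that may be read for one string starting at `addr`, capped at
 * `maxlen` and at the end of the user range; 0 if addr is outside it. */
size_t clamp_string_read(const struct addr_limits *lim, uintptr_t addr, size_t maxlen)
{
    if (addr < lim->min_user || addr >= lim->max_user)
        return 0;
    size_t room = lim->max_user - addr;
    return maxlen < room ? maxlen : room;
}

int main(void)
{
    struct addr_limits lim = { 0x1000, 0xC0000000u };  /* constructed 32-bit layout */
    size_t len = 0;
    printf("%d\n", validate_ptr_array(&lim, 0xBFFFFF00u, 512, 4, &len));
    printf("%zu\n", clamp_string_read(&lim, 0xBFFFFFF0u, 256));
}
```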