svn commit: r279997 - head/sys/netinet
Ian Lepore
ian at freebsd.org
Sun Mar 15 00:16:07 UTC 2015
On Sat, 2015-03-14 at 17:52 -0400, John Baldwin wrote:
> On Saturday, March 14, 2015 06:11:25 PM Ian Lepore wrote:
> > Author: ian
> > Date: Sat Mar 14 18:11:24 2015
> > New Revision: 279997
> > URL: https://svnweb.freebsd.org/changeset/base/279997
> >
> > Log:
> > Use sbuf_new_for_sysctl() instead of plain sbuf_new() to ensure sysctl
> > string returned to userland is nulterminated.
> >
> > PR: 195668
>
> This is not safe. sbuf_printf() is invoked with a lock held, so it isn't
> safe for the sbuf code to do a drain here. With sbuf_new_for_sysctl(),
> any call to an sbuf routine is a potential page fault, so the handler must
> either use sysctl_wire_old_buffer(), or the contents need to be output in
> one go. For this case I would prefer to use sbuf_len(sb) + 1 (or add
> INCLUDENUL to the args when creating it) and leave the sole SYSCTL_OUT()
> at the end.
>
> You will want to check the one or two other places you converted for this
> same issue as well.
>
Doh! I was trying to keep an eye out for locks, but I missed that one.
Fixed in r280014.
I'm at that point in a big maintenance task where I've looked at too
much code in too short a time, thanks for keeping a watchful eye on all
this.
-- Ian
More information about the svn-src-head
mailing list