svn commit: r196910 - in user/kmacy/releng_7_2_fcs_1/sys: kern sys
Kip Macy
kmacy at FreeBSD.org
Mon Sep 7 00:49:01 UTC 2009
Author: kmacy
Date: Mon Sep 7 00:49:00 2009
New Revision: 196910
URL: http://svn.freebsd.org/changeset/base/196910
Log:
validate against file size
Modified:
user/kmacy/releng_7_2_fcs_1/sys/kern/uipc_socket.c
user/kmacy/releng_7_2_fcs_1/sys/kern/uipc_syscalls.c
user/kmacy/releng_7_2_fcs_1/sys/sys/sockstate.h
Modified: user/kmacy/releng_7_2_fcs_1/sys/kern/uipc_socket.c
==============================================================================
--- user/kmacy/releng_7_2_fcs_1/sys/kern/uipc_socket.c Sun Sep 6 22:56:07 2009 (r196909)
+++ user/kmacy/releng_7_2_fcs_1/sys/kern/uipc_socket.c Mon Sep 7 00:49:00 2009 (r196910)
@@ -3118,6 +3118,7 @@ struct socketref {
struct uio sr_trl_uio;
short sr_compat;
int sr_magic;
+ off_t sr_vnp_size;
struct task sr_task;
TAILQ_ENTRY(socketref) entry;
@@ -3170,7 +3171,8 @@ socketref_free(struct socketref *sr)
void
soissending(struct socket *so, struct thread *td,
struct sendfile_args *uap, struct uio *hdr_uio,
- struct uio *trl_uio, int compat, off_t sbytes)
+ struct uio *trl_uio, int compat, off_t sbytes,
+ off_t vnp_size)
{
struct socketref *ref;
int error;
@@ -3239,6 +3241,7 @@ soissending(struct socket *so, struct th
sizeof(*trl_uio));
ref->sr_compat = compat;
ref->sr_magic = 0xCAFEBABE;
+ ref->sr_vnp_size = vnp_size;
TASK_INIT(&ref->sr_task, 0, sendfile_task_func, ref);
CTR3(KTR_SPARE2, "enqueueing socket %p sock_fp %p s %d", so, ref->sr_sock_fp, uap->s);
@@ -3319,6 +3322,11 @@ sendfile_task_func(void *context, int pe
if (sr->sr_uap.nbytes)
sr->sr_uap.nbytes -= sbytes;
+ if (error == EAGAIN &&
+ (sr->sr_uap.offset + sbytes == sr->sr_vnp_size)) {
+ CTR0(KTR_SPARE1, "EAGAIN on full send");
+ error = 0;
+ }
SOCKBUF_LOCK(sb);
}
#ifdef KTR
Modified: user/kmacy/releng_7_2_fcs_1/sys/kern/uipc_syscalls.c
==============================================================================
--- user/kmacy/releng_7_2_fcs_1/sys/kern/uipc_syscalls.c Sun Sep 6 22:56:07 2009 (r196909)
+++ user/kmacy/releng_7_2_fcs_1/sys/kern/uipc_syscalls.c Mon Sep 7 00:49:00 2009 (r196910)
@@ -1792,7 +1792,7 @@ kern_sendfile(struct thread *td, struct
struct sf_buf *sf;
struct vm_page *pg;
struct ucred *cred;
- off_t off, xfsize, fsbytes = 0, sbytes = 0, rem = 0;
+ off_t off, xfsize, fsbytes = 0, sbytes = 0, rem = 0, vnp_size = 0;
int error, hdrlen = 0, mnw = 0;
int vfslocked;
@@ -1992,7 +1992,7 @@ retry_space:
if (so->so_state & SS_NBIO) {
if (bg_sendfile_enable &&
(so->so_snd.sb_flags & SB_SENDING) == 0)
- soissending(so, td, uap, hdr_uio, trl_uio, compat, sbytes);
+ soissending(so, td, uap, hdr_uio, trl_uio, compat, sbytes, vnp_size);
SOCKBUF_UNLOCK(&so->so_snd);
error = EAGAIN;
goto done;
@@ -2054,6 +2054,7 @@ retry_space:
done = 1; /* all data sent */
break;
}
+ vnp_size = obj->un_pager.vnp.vnp_size;
/*
* Don't overflow the send buffer.
* Stop here and send out what we've
Modified: user/kmacy/releng_7_2_fcs_1/sys/sys/sockstate.h
==============================================================================
--- user/kmacy/releng_7_2_fcs_1/sys/sys/sockstate.h Sun Sep 6 22:56:07 2009 (r196909)
+++ user/kmacy/releng_7_2_fcs_1/sys/sys/sockstate.h Mon Sep 7 00:49:00 2009 (r196910)
@@ -81,7 +81,7 @@ void soisdisconnecting(struct socket *so
void soissending(struct socket *so,
struct thread *td, struct sendfile_args *uap,
struct uio *hdr_uio, struct uio *trl_uio,
- int compat, off_t sbytes);
+ int compat, off_t sbytes, off_t vnp_size);
void sosendingwakeup(struct sockbuf *sb);
void socantrcvmore(struct socket *so);
void socantrcvmore_locked(struct socket *so);
More information about the svn-src-user
mailing list