svn commit: r279993 - in head/sys: dev/cxgb dev/cxgbe kern vm

Ian Lepore ian at freebsd.org
Mon Mar 16 17:56:11 UTC 2015


On Sun, 2015-03-15 at 23:53 +0200, Konstantin Belousov wrote:
> On Sat, Mar 14, 2015 at 05:08:29PM +0000, Ian Lepore wrote:
> > Author: ian
> > Date: Sat Mar 14 17:08:28 2015
> > New Revision: 279993
> > URL: https://svnweb.freebsd.org/changeset/base/279993
> > 
> > Log:
> >   Set the SBUF_INCLUDENUL flag in sbuf_new_for_sysctl() so that sysctl
> >   strings returned to userland include the nulterm byte.
> >   
> >   Some uses of sbuf_new_for_sysctl() write binary data rather than strings;
> >   clear the SBUF_INCLUDENUL flag after calling sbuf_new_for_sysctl() in
> >   those cases.  (Note that the sbuf code still automatically adds a nulterm
> >   byte in sbuf_finish(), but since it's not included in the length it won't
> >   get copied to userland along with the binary data.)
> >   
> >   Remove explicit adding of a nulterm byte in a couple places now that it
> >   gets done automatically by the sbuf drain code.
> >   
> >   PR:		195668
> 
> I get the following panic on r280044:
> 
> panic: wrote past end of sbuf (256 >= 256)
> cpuid = 0
> KDB: stack backtrace:
> db_trace_self_wrapper() at 0xffffffff8028db5b = db_trace_self_wrapper+0x2b/frame 0xfffffe022b6af5e0
> vpanic() at 0xffffffff80356ad9 = vpanic+0x189/frame 0xfffffe022b6af660
> kassert_panic() at 0xffffffff80356942 = kassert_panic+0x192/frame 0xfffffe022b6af6f0
> sbuf_delete() at 0xffffffff803a3cad = sbuf_delete+0xad/frame 0xfffffe022b6af710
> sysctl_kern_proc_args() at 0xffffffff80349b6d = sysctl_kern_proc_args+0x21d/frame 0xfffffe022b6af7a0
> sysctl_root_handler_locked() at 0xffffffff80364034 = sysctl_root_handler_locked+0x94/frame 0xfffffe022b6af7e0
> sysctl_root() at 0xffffffff80363878 = sysctl_root+0x188/frame 0xfffffe022b6af830
> userland_sysctl() at 0xffffffff80363e12 = userland_sysctl+0x192/frame 0xfffffe022b6af8d0
> sys___sysctl() at 0xffffffff80363c44 = sys___sysctl+0x74/frame 0xfffffe022b6af980
> amd64_syscall() at 0xffffffff8057e9be = amd64_syscall+0x2ae/frame 0xfffffe022b6afab0
> Xfast_syscall() at 0xffffffff8055d9bb = Xfast_syscall+0xfb/frame 0xfffffe022b6afab0
> --- syscall (202, FreeBSD ELF64, sys___sysctl), rip = 0x800f9db0a, rsp = 0x7fffffffe2c8, rbp = 0x7fffffffe300 ---

This should now be fixed with r280149.  I have no idea why I never hit
this in testing even with the same commands that other people on irc
said they were using to trigger it.  Just lucky I guess. :)

-- Ian
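
A userland-side counterpart to the behaviour described in the commit log above, as an added example that is not from this thread or the FreeBSD tree: a reader that accepts a string sysctl result whether or not the reported length counts the terminating NUL. The function name `sysctl_str_normalize` and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Copy a string-valued sysctl result into out[] as a C string.
 * buf/len are what the sysctl call handed back; len may or may not count
 * a trailing NUL, depending on whether the kernel sets SBUF_INCLUDENUL.
 * Returns the string length (without the NUL), or -1 if out[] is too small.
 */
static long
sysctl_str_normalize(const char *buf, size_t len, char *out, size_t outsz)
{
	/* Stop at the first NUL inside the reported length, if there is one. */
	const char *nul = memchr(buf, '\0', len);
	size_t slen = (nul != NULL) ? (size_t)(nul - buf) : len;

	if (outsz == 0 || slen >= outsz)
		return (-1);		/* refuse to truncate silently */
	memcpy(out, buf, slen);
	out[slen] = '\0';		/* never rely on the kernel's terminator */
	return ((long)slen);
}

int
main(void)
{
	/* Constructed sample results, not captured from a real system. */
	const char without_nul[] = { 'l', 's', ' ', '-', 'l', 'X', 'X' };
	const char with_nul[] = { 'l', 's', ' ', '-', 'l', '\0' };
	char out[16];

	/* Length 5 excludes the NUL; the bytes after it are stale data. */
	printf("%ld ", sysctl_str_normalize(without_nul, 5, out, sizeof(out)));
	printf("[%s]\n", out);
	/* Length 6 includes the NUL. */
	printf("%ld ", sysctl_str_normalize(with_nul, 6, out, sizeof(out)));
	printf("[%s]\n", out);
	return (0);
}
```

Binary-valued sysctls, which the log says keep the flag cleared, should be consumed by the reported length alone and not passed through a helper like this.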



