Subject: kern/17507: poll(2) makes an erroneous assumption
To: None <gnats-bugs@gnats.netbsd.org>
From: None <kalt@taranis.org>
List: netbsd-bugs
Date: 07/07/2002 13:59:56
>Number:         17507
>Category:       kern
>Synopsis:       poll(2) ignores
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jul 07 11:00:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Christophe Kalt
>Release:        NetBSD 1.6_BETA4
>Organization:
	
>Environment:
	
	
System: NetBSD bzz.taranis.org 1.6_BETA4 NetBSD 1.6_BETA4 (bzz) #4: Wed Jul 3 20:33:50 EDT 2002 root@bzz.taranis.org:/scratch/NetBSD/1.6.x/obj/scratch/NetBSD/1.6.x/src/sys/arch/sparc/compile/bzz sparc
Architecture: sparc
Machine: sparc
>Description:
This was previously discussed on tech-userlevel, so you may want to check
the archives for posts starting July 7, 2002 with subject "poll(2) oddity".

Basically, poll() takes two (main) arguments: a set of struct pollfd
and the size of the set.  Unfortunately, the first thing sys_poll() does
is the following:

         if (SCARG(uap, nfds) > p->p_fd->fd_nfiles) {
                 /* forgiving; slightly wrong */
                 SCARG(uap, nfds) = p->p_fd->fd_nfiles;
         }

Effectively, this may truncate the set, resulting in part of it being
ignored.
>How-To-Repeat:
Compile the following snippet:
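#include <sys/types.h>
#include <poll.h>
#include <stdio.h>

int main(void)
{
    struct pollfd pfd[21];
    int i;

    /* Fill every slot with fd = -1, which poll() skips. */
    for (i=0; i<21; i++)
      {
	pfd[i].fd = -1;
	pfd[i].events = 0;
      }
    /* Only the last slot (index 20) refers to a real descriptor: stdin. */
    pfd[20].fd = 0;
    pfd[20].events = POLLIN;

    /* Should print 1 when stdin has data to read. */
    printf("%d\n", poll(pfd, 21, 1000));
    return 0;
}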

Now, if you run this with "echo foo | ./a.out" you should get 1, but you
never do.  Try changing 20 to anything below and you do.
20 seems to be the default for fd_nfiles (according to Ben Harris who
shed some light on this for me).
>Fix:
Get rid of the code included in the description, but I imagine it's there
for a reason and needs to be replaced with something better.
>Release-Note:
>Audit-Trail:
>Unformatted:
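
A self-contained regression check for the truncation reported above, added here as an example and not part of the original report or the NetBSD source. It generalizes the reproducer: instead of relying on piped stdin, it queues a byte on its own pipe and places the read end at a chosen index. The function name poll_sees_slot and the sample indices are assumptions made for illustration.

```c
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Returns 1 if poll() reports the readable descriptor placed at index
 * `slot` of an array of slot+1 entries, 0 if poll() ignored it (the
 * truncation described in the report), -1 on setup or poll() error.
 */
int poll_sees_slot(int slot)
{
    int pipefd[2], i, n, result;
    struct pollfd *pfd;

    if (slot < 0 || pipe(pipefd) == -1)
        return -1;
    pfd = calloc((size_t)slot + 1, sizeof(*pfd));
    if (pfd == NULL || write(pipefd[1], "x", 1) != 1) {
        free(pfd);
        close(pipefd[0]);
        close(pipefd[1]);
        return -1;
    }
    for (i = 0; i < slot; i++)
        pfd[i].fd = -1;            /* padding entries, skipped by poll() */
    pfd[slot].fd = pipefd[0];      /* read end already has one byte queued */
    pfd[slot].events = POLLIN;

    n = poll(pfd, (nfds_t)slot + 1, 1000);
    if (n == -1)
        result = -1;
    else
        result = (n == 1 && (pfd[slot].revents & POLLIN)) ? 1 : 0;

    free(pfd);
    close(pipefd[0]);
    close(pipefd[1]);
    return result;
}

int main(void)
{
    int slots[] = { 0, 19, 20, 63 };   /* 20 is the index from the report */
    size_t i;

    for (i = 0; i < sizeof(slots) / sizeof(slots[0]); i++)
        printf("slot %d: %d\n", slots[i], poll_sees_slot(slots[i]));
    return 0;
}
```

On a kernel with the clamp quoted in the description, slots at or above fd_nfiles come back as 0 after the one-second timeout; a kernel that honours the full array returns 1 for every slot.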