Re: [PATCH] netbsd32 swapctl, round 3

To: Emmanuel Dreyfus <manu%netbsd.org@localhost>
Subject: Re: [PATCH] netbsd32 swapctl, round 3
From: Matt Thomas <matt%3am-software.com@localhost>
Date: Sat, 1 Feb 2014 08:05:57 -0800

On Feb 1, 2014, at 12:41 AM, Emmanuel Dreyfus <manu%netbsd.org@localhost> wrote:

> +     int count = SCARG(uap, misc);
> +     int i, error;
> +
> +     sep = kmem_alloc(sizeof(*sep) * count, KM_SLEEP);
> +     sep32 = kmem_alloc(sizeof(*sep32) * count, KM_SLEEP);

Before using count, one must limit it using:

                if ((size_t)count > (size_t)uvmexp.nswapdev)
                        misc = uvmexp.nswapdev;

or a user could exhaust all memory by supplying bogus counts.

You only need one sep32 and then copyout each entry:

        for (i = 0, error = 0; i < count && error == 0; i++) {
                struct netbsd32_swapent sep32;
                sep32.se_dev = sep[i].se_dev;
                sep32.se_flags = sep[i].se_flags;
                sep32.se_nblks = sep[i].se_nblks;
                sep32.se_inuse = sep[i].se_inuse;
                sep32.se_priority = sep[i].se_priority;
                size_t len = strlcpy(sep32.se_path, sep[i].se_path,
                        sizeof(sep32.se_path));

                error = copyout(&sep32, SCARG(uap, arg + i),
                    offsetof(sep32.sep_path) + len + 1);
        }

Follow-Ups:
- Re: [PATCH] netbsd32 swapctl, round 3
  - From: Emmanuel Dreyfus

References:
- [PATCH] netbsd32 swapctl, round 3
  - From: Emmanuel Dreyfus

Prev by Date: config(1) ioconf doesn't seem good enough for pseudo-devices?
Next by Date: Dear Account User.
Previous by Thread: Re: [PATCH] netbsd32 swapctl, round 3
Next by Thread: Re: [PATCH] netbsd32 swapctl, round 3
Indexes:

Home | Main Index | Thread Index | Old Index