Re: write(2) and >=4GB buffer ... ubc_uiomove: error=14

[Antti Kantee <pooka%cs.hut.fi@localhost>]

On Wed Feb 20 2008 at 01:15:59 +0100, Nicolas Joly wrote:
> 
> Hi,
> 
> I noticed a few copies of the same log message on one of my -current
> NetBSD/amd64 boxes: `ubc_uiomove: error=14'.
> 
> After some researches, i discovered that they appear with write(2)
> calls + large buffers (>=4GB). It does not seems to be a write(2)
> syscall limitation (up to SSIZE_MAX), but rather a filesystem problem.
> 
> The attached testcase, fails for if writing to a `dummy.big' file on
> ffs; but succeed if writing to the `/dev/null' device.
> 
>    575      1 bigwrite  CALL  open(0x400bbf,0x602,0x1b6)
>    575      1 bigwrite  NAMI  "dummy.big"
>    575      1 bigwrite  RET   open 3
>    575      1 bigwrite  CALL  write(3,0x7f7efdb00000,0x100000000)
>    575      1 bigwrite  RET   write -1 errno 14 Bad address
> 
>    558      1 bigwrite  CALL  open(0x400bbf,0x602,0x1b6)
>    558      1 bigwrite  NAMI  "/dev/null"
>    558      1 bigwrite  RET   open 3
>    558      1 bigwrite  CALL  write(3,0x7f7efdb00000,0x100000000)
>    558      1 bigwrite  RET   write 4294967296/0x100000000

Hmm, looks like uiomove might be overrunning its iovecs.  Try this:

Index: kern_subr.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_subr.c,v
retrieving revision 1.176
diff -p -u -r1.176 kern_subr.c
--- kern_subr.c 18 Jan 2008 01:22:18 -0000      1.176
+++ kern_subr.c 20 Feb 2008 07:15:34 -0000
@@ -156,7 +156,7 @@ uiomove(void *buf, size_t n, struct uio 
 {
        struct vmspace *vm = uio->uio_vmspace;
        struct iovec *iov;
-       u_int cnt;
+       size_t cnt;
        int error = 0;
        char *cp = buf;
 

-- 
Antti Kantee <pooka%iki.fi@localhost>                     Of course he runs 
NetBSD
http://www.iki.fi/pooka/                          http://www.NetBSD.org/
    "la qualité la plus indispensable du cuisinier est l'exactitude"