Source-Changes-HG archive


[src/netbsd-6]: src/sys/kern Pull up following revision(s) (requested by mlel...



details:   https://anonhg.NetBSD.org/src/rev/9ea4781fa09b
branches:  netbsd-6
changeset: 775617:9ea4781fa09b
user:      riz <riz%NetBSD.org@localhost>
date:      Mon Jan 07 16:53:18 2013 +0000

description:
Pull up following revision(s) (requested by mlelstv in ticket #778):
        sys/kern/uipc_syscalls.c: revision 1.157
        sys/kern/uipc_syscalls.c: revision 1.158
If an untraced process sleeps in recvmsg/sendmsg, the syscall does not
allocate an iov structure for ktrace. When tracing is then enabled
and the process wakes up, it crashes the kernel.
Undo the last commit which introduced this error path.
Avoid the mentioned kmem_alloc assertion by adding a sanity check analogous
to similar code in sys_generic.c for I/O on file handles instead of
sockets.
This also causes the syscall to return EMSGSIZE if the msg_iovlen member
of the msg structure is less than or equal to 0, as defined in
recvmsg(2)/sendmsg(2).
The sanity check prevented messages that carry only ancillary data.

diffstat:

 sys/kern/uipc_syscalls.c |  14 ++++++--------
 1 files changed, 6 insertions(+), 8 deletions(-)

diffs (44 lines):

diff -r 645651635128 -r 9ea4781fa09b sys/kern/uipc_syscalls.c
--- a/sys/kern/uipc_syscalls.c  Mon Jan 07 16:51:07 2013 +0000
+++ b/sys/kern/uipc_syscalls.c  Mon Jan 07 16:53:18 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: uipc_syscalls.c,v 1.154.2.1 2012/07/20 23:10:06 riz Exp $      */
+/*     $NetBSD: uipc_syscalls.c,v 1.154.2.2 2013/01/07 16:53:18 riz Exp $      */
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.154.2.1 2012/07/20 23:10:06 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.154.2.2 2013/01/07 16:53:18 riz Exp $");
 
 #include "opt_pipe.h"
 
@@ -640,10 +640,9 @@
                *retsize = len - auio.uio_resid;
 
 bad:
-       if (ktrpoint(KTR_GENIO)) {
+       if (ktriov != NULL) {
                ktrgeniov(s, UIO_WRITE, ktriov, *retsize, error);
-               if (ktriov != NULL)
-                       kmem_free(ktriov, iovsz);
+               kmem_free(ktriov, iovsz);
        }
 
        if (iov != aiov)
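Review bot: The new `if (ktriov != NULL)` test at the `bad:` label is only safe if `ktriov` is initialised to NULL before every path that can jump to `bad:`, and that initialisation is outside the lines shown here. Please confirm it, because the pointer is now passed to both `ktrgeniov()` and `kmem_free(ktriov, iovsz)` on the strength of this test alone. It is also worth checking that `iovsz` always holds the size used for the allocation when `ktriov` is non-NULL, since the free is no longer separately guarded.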
@@ -897,10 +896,9 @@
                /* Some data transferred */
                error = 0;
 
-       if (ktrpoint(KTR_GENIO)) {
+       if (ktriov != NULL) {
                ktrgeniov(s, UIO_READ, ktriov, len, error);
-               if (ktriov != NULL)
-                       kmem_free(ktriov, iovsz);
+               kmem_free(ktriov, iovsz);
        }
 
        if (error != 0) {
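Review bot: With the `ktrpoint(KTR_GENIO)` test dropped from the receive path, `ktrgeniov(s, UIO_READ, ktriov, len, error)` now runs whenever the iov copy exists, including the case where tracing was switched off while the process slept. Please confirm that `ktrgeniov()` copes with that on its own. A one-line comment above the `if` saying that the pointer, not the current trace state, is the condition would keep a later cleanup from restoring the `ktrpoint()` test and reintroducing the crash described in the commit message.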


