Source-Changes-HG archive


[src/netbsd-6-0]: src/sys/kern Pull up following revision(s) (requested by ml...



details:   https://anonhg.NetBSD.org/src/rev/8bc0dc4666d0
branches:  netbsd-6-0
changeset: 774739:8bc0dc4666d0
user:      riz <riz%NetBSD.org@localhost>
date:      Mon Jan 07 16:53:36 2013 +0000

description:
Pull up following revision(s) (requested by mlelstv in ticket #778):
        sys/kern/uipc_syscalls.c: revision 1.157
        sys/kern/uipc_syscalls.c: revision 1.158
If an untraced process sleeps in recvmsg/sendmsg, the syscall does not
allocate an iov structure for ktrace. When tracing is then enabled
and the process wakes up, it crashes the kernel.
Undo the last commit which introduced this error path.
Avoid the mentioned kmem_alloc assertion by adding a sanity check analog
to similar code in sys_generic.c for I/O on file handles instead of
sockets.
This also causes the syscall to return EMSGSIZE if the msg_iovlen member
of the msg structure is less than or equal to 0, as defined in
recvmsg(2)/sendmsg(2).
The sanity check prevented messages that carry only ancillary data.

diffstat:

 sys/kern/uipc_syscalls.c |  14 ++++++--------
 1 files changed, 6 insertions(+), 8 deletions(-)

diffs (44 lines):

diff -r c119db4b8b2c -r 8bc0dc4666d0 sys/kern/uipc_syscalls.c
--- a/sys/kern/uipc_syscalls.c  Sat Jan 05 23:21:41 2013 +0000
+++ b/sys/kern/uipc_syscalls.c  Mon Jan 07 16:53:36 2013 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: uipc_syscalls.c,v 1.154.2.1 2012/07/20 23:10:06 riz Exp $      */
+/*     $NetBSD: uipc_syscalls.c,v 1.154.2.1.4.1 2013/01/07 16:53:36 riz Exp $  */
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.154.2.1 2012/07/20 23:10:06 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.154.2.1.4.1 2013/01/07 16:53:36 riz Exp $");
 
 #include "opt_pipe.h"
 
@@ -640,10 +640,9 @@
                *retsize = len - auio.uio_resid;
 
 bad:
-       if (ktrpoint(KTR_GENIO)) {
+       if (ktriov != NULL) {
                ktrgeniov(s, UIO_WRITE, ktriov, *retsize, error);
-               if (ktriov != NULL)
-                       kmem_free(ktriov, iovsz);
+               kmem_free(ktriov, iovsz);
        }
 
        if (iov != aiov)
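
Review bot: At the `bad:` label, the new guard `if (ktriov != NULL)` is only safe if `ktriov` is NULL on every path that reaches the label, including any jump to `bad:` taken before the trace buffer is allocated. The initialization is outside this hunk, so confirm the declaration sets it to NULL. A one-line comment above the test would also help: it should say that tracing can be switched on while the call sleeps, so `ktrpoint(KTR_GENIO)` must not be re-evaluated here. That would keep a later cleanup from restoring the old condition.
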
@@ -897,10 +896,9 @@
                /* Some data transferred */
                error = 0;
 
-       if (ktrpoint(KTR_GENIO)) {
+       if (ktriov != NULL) {
                ktrgeniov(s, UIO_READ, ktriov, len, error);
-               if (ktriov != NULL)
-                       kmem_free(ktriov, iovsz);
+               kmem_free(ktriov, iovsz);
        }
 
        if (error != 0) {
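
Review bot: With the test changed to `if (ktriov != NULL)`, the call `ktrgeniov(s, UIO_READ, ktriov, len, error)` is now also reached when tracing was active at entry but was switched off while the process slept. Freeing the buffer is right in that case, but the hunk does not show whether `ktrgeniov` returns early when the trace point is no longer active. Confirm that it does, or note the expectation in a comment next to the call.
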


