From: Rick Macklem
Date: Tue, 18 Jan 2011 01:20:16 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject: svn commit: r217527 - stable/8/sys/rpc

Author: rmacklem
Date: Tue Jan 18 01:20:15 2011
New Revision: 217527
URL: http://svn.freebsd.org/changeset/base/217527

Log:
  MFC: r217242
  Fix a bug in the client side krpc where it was, sometimes
  erroneously, assumed that 4 bytes of data were in the first
  mbuf of a list by replacing the bcopy() with m_copydata().
  Also, replace the uses of m_pullup(), which can fail for
  reasons other than not enough data, with m_copydata().
  For the cases where it isn't known that there is enough
  data in the mbuf list, check first via m_len and m_length().
  This is believed to fix a problem reported by dpd at dpdtech.com
  and george+freebsd at m5p.com.

Modified:
  stable/8/sys/rpc/clnt_dg.c
  stable/8/sys/rpc/clnt_vc.c
  stable/8/sys/rpc/svc_vc.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)

Modified: stable/8/sys/rpc/clnt_dg.c ============================================================================== --- stable/8/sys/rpc/clnt_dg.c Tue Jan 18 01:07:09 2011 (r217526) +++ stable/8/sys/rpc/clnt_dg.c Tue Jan 18 01:20:15 2011 (r217527) 
@@ -1089,15 +1089,14 @@ clnt_dg_soupcall(struct socket *so, void /* * The XID is in the first uint32_t of the reply. */ - if (m->m_len < sizeof(xid)) - m = m_pullup(m, sizeof(xid)); - if (!m) + if (m->m_len < sizeof(xid) && m_length(m, NULL) < sizeof(xid)) /* * Should never happen. */ continue; - xid = ntohl(*mtod(m, uint32_t *)); + m_copydata(m, 0, sizeof(xid), (char *)&xid); + xid = ntohl(xid); /* * Attempt to match this reply with a pending request. Modified: stable/8/sys/rpc/clnt_vc.c ============================================================================== --- stable/8/sys/rpc/clnt_vc.c Tue Jan 18 01:07:09 2011 (r217526) +++ stable/8/sys/rpc/clnt_vc.c Tue Jan 18 01:20:15 2011 (r217527) @@ -916,7 +916,7 @@ clnt_vc_soupcall(struct socket *so, void mtx_unlock(&ct->ct_lock); break; } - bcopy(mtod(m, uint32_t *), &header, sizeof(uint32_t)); + m_copydata(m, 0, sizeof(uint32_t), (char *)&header); header = ntohl(header); ct->ct_record = NULL; ct->ct_record_resid = header & 0x7fffffff; @@ -975,14 +975,11 @@ clnt_vc_soupcall(struct socket *so, void * The XID is in the first uint32_t of * the reply. */ - if (ct->ct_record->m_len < sizeof(xid)) - ct->ct_record = - m_pullup(ct->ct_record, - sizeof(xid)); - if (!ct->ct_record) + if (ct->ct_record->m_len < sizeof(xid) && + m_length(ct->ct_record, NULL) < sizeof(xid)) break; - bcopy(mtod(ct->ct_record, uint32_t *), - &xid, sizeof(uint32_t)); + m_copydata(ct->ct_record, 0, sizeof(xid), + (char *)&xid); xid = ntohl(xid); mtx_lock(&ct->ct_lock); Modified: stable/8/sys/rpc/svc_vc.c ============================================================================== --- stable/8/sys/rpc/svc_vc.c Tue Jan 18 01:07:09 2011 (r217526) +++ stable/8/sys/rpc/svc_vc.c Tue Jan 18 01:20:15 2011 (r217527) 
@@ -559,11 +559,8 @@ svc_vc_recv(SVCXPRT *xprt, struct rpc_ms } if (n < sizeof(uint32_t)) goto readmore; - if (cd->mpending->m_len < sizeof(uint32_t)) - cd->mpending = m_pullup(cd->mpending, - sizeof(uint32_t)); - memcpy(&header, mtod(cd->mpending, uint32_t *), - sizeof(header)); + m_copydata(cd->mpending, 0, sizeof(header), + (char *)&header); header = ntohl(header); cd->eor = (header & 0x80000000) != 0; cd->resid = header & 0x7fffffff;
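
Review bot: in the clnt_dg.c hunk (clnt_dg_soupcall, @@ -1089), the short-reply path now reaches `continue` with `m` still allocated. The removed code only got there after m_pullup() had failed, and m_pullup() frees the chain on failure, so `m` was NULL at that point; with the new length test nothing in the visible lines releases the mbuf chain. Suggest bracing the branch and calling `m_freem(m);` before `continue`. Minor: m_length(m, NULL) is never smaller than m->m_len, so the `m->m_len < sizeof(xid)` half is only a fast path, and a word in the comment would keep a later reader from treating it as a separate condition.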
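
Review bot: in the first clnt_vc.c hunk (clnt_vc_soupcall, @@ -916), `m_copydata(m, 0, sizeof(uint32_t), (char *)&header)` is issued with no length test in the visible lines, and m_copydata() has no error return if the chain holds fewer bytes than requested. The log message says the length is checked only where it is not already known, so a short comment naming what guarantees 4 bytes in `m` here, or a KASSERT on m_length(m, NULL), would make that reviewable. Style: the other three call sites size the copy from the destination (`sizeof(xid)`, `sizeof(header)`); `sizeof(header)` here would match.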
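
Review bot: in the second clnt_vc.c hunk (clnt_vc_soupcall, @@ -975), the short-record `break` now leaves ct->ct_record pointing at the undersized chain. In the removed code that branch was taken only after m_pullup() failed, which frees the chain, so ct->ct_record was NULL on the way out. If the code after the loop or the next upcall relies on ct_record being NULL once a record is abandoned, this needs `m_freem(ct->ct_record); ct->ct_record = NULL;` before the `break`; if the record is kept on purpose, a comment saying so would help.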
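
Review bot: in the svc_vc.c hunk (svc_vc_recv, @@ -559), the only guard before the new m_copydata() is `if (n < sizeof(uint32_t)) goto readmore;`, and the hunk does not show how `n` relates to the length of cd->mpending. The removed code never checked the m_pullup() result before the memcpy(), so dropping it is an improvement, but the replacement now trusts `n` entirely. Suggest a KASSERT that m_length(cd->mpending, NULL) >= sizeof(header), or a comment stating that `n` is that length.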