Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 27 May 2009 15:23:13 +0000 (UTC)
From:      Andriy Gapon <avg@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r192899 - head/sys/compat/linux
Message-ID:  <200905271523.n4RFND0x001262@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: avg
Date: Wed May 27 15:23:12 2009
New Revision: 192899
URL: http://svn.freebsd.org/changeset/base/192899

Log:
  linux_ioctl_cdrom: reduce stack usage
  
  ... by moving two ~2KB structures from stack to heap allocation.
  I experienced stack overflow in linux emulation on i386 (8K stack)
  when LINUX_DVD_READ_STRUCT ioctl was performed on atapicam cd
  device and there was an error that resulted in additional quite
  heavy stack use in cam layer.
  
  Reviewed by:	dchagin
  Approved by:	jhb (mentor)

Modified:
  head/sys/compat/linux/linux_ioctl.c

Modified: head/sys/compat/linux/linux_ioctl.c
==============================================================================
--- head/sys/compat/linux/linux_ioctl.c	Wed May 27 15:16:56 2009	(r192898)
+++ head/sys/compat/linux/linux_ioctl.c	Wed May 27 15:23:12 2009	(r192899)
@@ -1556,23 +1556,28 @@ linux_ioctl_cdrom(struct thread *td, str
 	/* LINUX_CDROMAUDIOBUFSIZ */
 
 	case LINUX_DVD_READ_STRUCT: {
-		l_dvd_struct lds;
-		struct dvd_struct bds;
+		l_dvd_struct *lds;
+		struct dvd_struct *bds;
 
-		error = copyin((void *)args->arg, &lds, sizeof(lds));
+		lds = malloc(sizeof(*lds), M_LINUX, M_WAITOK);
+		bds = malloc(sizeof(*bds), M_LINUX, M_WAITOK);
+		error = copyin((void *)args->arg, lds, sizeof(*lds));
 		if (error)
-			break;
-		error = linux_to_bsd_dvd_struct(&lds, &bds);
+			goto out;
+		error = linux_to_bsd_dvd_struct(lds, bds);
 		if (error)
-			break;
-		error = fo_ioctl(fp, DVDIOCREADSTRUCTURE, (caddr_t)&bds,
+			goto out;
+		error = fo_ioctl(fp, DVDIOCREADSTRUCTURE, (caddr_t)bds,
 		    td->td_ucred, td);
 		if (error)
-			break;
-		error = bsd_to_linux_dvd_struct(&bds, &lds);
+			goto out;
+		error = bsd_to_linux_dvd_struct(bds, lds);
 		if (error)
-			break;
-		error = copyout(&lds, (void *)args->arg, sizeof(lds));
+			goto out;
+		error = copyout(lds, (void *)args->arg, sizeof(*lds));
+	out:
+		free(bds, M_LINUX);
+		free(lds, M_LINUX);
 		break;
 	}

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200905271523.n4RFND0x001262>