From owner-svn-src-all@FreeBSD.ORG Mon Dec 12 17:33:39 2011 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 36BB11065675; Mon, 12 Dec 2011 17:33:39 +0000 (UTC) (envelope-from pho@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 239278FC08; Mon, 12 Dec 2011 17:33:39 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id pBCHXdCq011172; Mon, 12 Dec 2011 17:33:39 GMT (envelope-from pho@svn.freebsd.org) Received: (from pho@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id pBCHXcfc011168; Mon, 12 Dec 2011 17:33:38 GMT (envelope-from pho@svn.freebsd.org) Message-Id: <201112121733.pBCHXcfc011168@svn.freebsd.org> From: Peter Holm Date: Mon, 12 Dec 2011 17:33:38 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r228439 - in stable/8/sys: conf kern sys X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Dec 2011 17:33:39 -0000 Author: pho Date: Mon Dec 12 17:33:38 2011 New Revision: 228439 URL: http://svn.freebsd.org/changeset/base/228439 Log: MFC: r228218, r228219, 228220, 228221 Rename copyin_timeout32 to umtx_copyin_timeout32 and move parameter check here. Include check for negative seconds value. Add umtx_copyin_timeout() and move parameter checks here. Add declaration of umtx_copyin_timeout() Use umtx_copyin_timeout() to copy and check timeout parameteri in kern_thr_suspend(). Modified: stable/8/sys/kern/kern_thr.c stable/8/sys/kern/kern_umtx.c stable/8/sys/sys/umtx.h Directory Properties: stable/8/sys/ (props changed) stable/8/sys/amd64/include/xen/ (props changed) stable/8/sys/cddl/contrib/opensolaris/ (props changed) stable/8/sys/conf/ldscript.mips.octeon1.32 (props changed) stable/8/sys/conf/ldscript.mips.octeon1.64 (props changed) stable/8/sys/contrib/dev/acpica/ (props changed) stable/8/sys/contrib/pf/ (props changed) Modified: stable/8/sys/kern/kern_thr.c ============================================================================== --- stable/8/sys/kern/kern_thr.c Mon Dec 12 13:12:55 2011 (r228438) +++ stable/8/sys/kern/kern_thr.c Mon Dec 12 17:33:38 2011 (r228439) @@ -428,8 +428,7 @@ thr_suspend(struct thread *td, struct th tsp = NULL; if (uap->timeout != NULL) { - error = copyin((const void *)uap->timeout, (void *)&ts, - sizeof(struct timespec)); + error = umtx_copyin_timeout(uap->timeout, &ts); if (error != 0) return (error); tsp = &ts; @@ -445,9 +444,6 @@ kern_thr_suspend(struct thread *td, stru int error = 0, hz = 0; if (tsp != NULL) { - if (tsp->tv_sec < 0 || tsp->tv_nsec < 0 || - tsp->tv_nsec > 1000000000) - return (EINVAL); if (tsp->tv_sec == 0 && tsp->tv_nsec == 0) return (ETIMEDOUT); TIMESPEC_TO_TIMEVAL(&tv, tsp); Modified: stable/8/sys/kern/kern_umtx.c ============================================================================== --- stable/8/sys/kern/kern_umtx.c Mon Dec 12 13:12:55 2011 (r228438) +++ stable/8/sys/kern/kern_umtx.c Mon Dec 12 17:33:38 2011 (r228439) @@ -2740,6 +2740,21 @@ _umtx_unlock(struct thread *td, struct _ return do_unlock_umtx(td, uap->umtx, td->td_tid); } +inline int +umtx_copyin_timeout(const void *addr, struct timespec *tsp) +{ + int error; + + error = copyin(addr, tsp, sizeof(struct timespec)); + if (error == 0) { + if (tsp->tv_sec < 0 || + tsp->tv_nsec >= 1000000000 || + tsp->tv_nsec < 0) + error = EINVAL; + } + return (error); +} + static int __umtx_op_lock_umtx(struct thread *td, struct _umtx_op_args *uap) { @@ -2750,13 +2765,9 @@ __umtx_op_lock_umtx(struct thread *td, s if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin(uap->uaddr2, &timeout, sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } ts = &timeout; } return (do_lock_umtx(td, uap->obj, uap->val, ts)); @@ -2777,12 +2788,9 @@ __umtx_op_wait(struct thread *td, struct if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin(uap->uaddr2, &timeout, sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) - return (EINVAL); ts = &timeout; } return do_wait(td, uap->obj, uap->val, ts, 0, 0); @@ -2797,12 +2805,9 @@ __umtx_op_wait_uint(struct thread *td, s if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin(uap->uaddr2, &timeout, sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) - return (EINVAL); ts = &timeout; } return do_wait(td, uap->obj, uap->val, ts, 1, 0); @@ -2817,12 +2822,9 @@ __umtx_op_wait_uint_private(struct threa if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin(uap->uaddr2, &timeout, sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) - return (EINVAL); ts = &timeout; } return do_wait(td, uap->obj, uap->val, ts, 1, 1); @@ -2850,14 +2852,9 @@ __umtx_op_lock_umutex(struct thread *td, if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin(uap->uaddr2, &timeout, - sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } ts = &timeout; } return do_lock_umutex(td, uap->obj, ts, 0); @@ -2879,14 +2876,9 @@ __umtx_op_wait_umutex(struct thread *td, if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin(uap->uaddr2, &timeout, - sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } ts = &timeout; } return do_lock_umutex(td, uap->obj, ts, _UMUTEX_WAIT); @@ -2920,14 +2912,9 @@ __umtx_op_cv_wait(struct thread *td, str if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin(uap->uaddr2, &timeout, - sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } ts = &timeout; } return (do_cv_wait(td, uap->obj, uap->uaddr1, ts, uap->val)); @@ -2955,14 +2942,9 @@ __umtx_op_rw_rdlock(struct thread *td, s if (uap->uaddr2 == NULL) { error = do_rw_rdlock(td, uap->obj, uap->val, 0); } else { - error = copyin(uap->uaddr2, &timeout, - sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } error = do_rw_rdlock2(td, uap->obj, uap->val, &timeout); } return (error); @@ -2978,14 +2960,9 @@ __umtx_op_rw_wrlock(struct thread *td, s if (uap->uaddr2 == NULL) { error = do_rw_wrlock(td, uap->obj, 0); } else { - error = copyin(uap->uaddr2, &timeout, - sizeof(timeout)); + error = umtx_copyin_timeout(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } error = do_rw_wrlock2(td, uap->obj, &timeout); } @@ -3051,15 +3028,21 @@ struct timespec32 { }; static inline int -copyin_timeout32(void *addr, struct timespec *tsp) +umtx_copyin_timeout32(void *addr, struct timespec *tsp) { struct timespec32 ts32; int error; error = copyin(addr, &ts32, sizeof(struct timespec32)); if (error == 0) { - tsp->tv_sec = ts32.tv_sec; - tsp->tv_nsec = ts32.tv_nsec; + if (ts32.tv_sec < 0 || + ts32.tv_nsec >= 1000000000 || + ts32.tv_nsec < 0) + error = EINVAL; + else { + tsp->tv_sec = ts32.tv_sec; + tsp->tv_nsec = ts32.tv_nsec; + } } return (error); } @@ -3074,13 +3057,9 @@ __umtx_op_lock_umtx_compat32(struct thre if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin_timeout32(uap->uaddr2, &timeout); + error = umtx_copyin_timeout32(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } ts = &timeout; } return (do_lock_umtx32(td, uap->obj, uap->val, ts)); @@ -3101,12 +3080,9 @@ __umtx_op_wait_compat32(struct thread *t if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin_timeout32(uap->uaddr2, &timeout); + error = umtx_copyin_timeout32(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) - return (EINVAL); ts = &timeout; } return do_wait(td, uap->obj, uap->val, ts, 1, 0); @@ -3122,12 +3098,9 @@ __umtx_op_lock_umutex_compat32(struct th if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin_timeout32(uap->uaddr2, &timeout); + error = umtx_copyin_timeout32(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) - return (EINVAL); ts = &timeout; } return do_lock_umutex(td, uap->obj, ts, 0); @@ -3143,12 +3116,9 @@ __umtx_op_wait_umutex_compat32(struct th if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin_timeout32(uap->uaddr2, &timeout); + error = umtx_copyin_timeout32(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) - return (EINVAL); ts = &timeout; } return do_lock_umutex(td, uap->obj, ts, _UMUTEX_WAIT); @@ -3164,12 +3134,9 @@ __umtx_op_cv_wait_compat32(struct thread if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin_timeout32(uap->uaddr2, &timeout); + error = umtx_copyin_timeout32(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) - return (EINVAL); ts = &timeout; } return (do_cv_wait(td, uap->obj, uap->uaddr1, ts, uap->val)); @@ -3185,13 +3152,9 @@ __umtx_op_rw_rdlock_compat32(struct thre if (uap->uaddr2 == NULL) { error = do_rw_rdlock(td, uap->obj, uap->val, 0); } else { - error = copyin_timeout32(uap->uaddr2, &timeout); + error = umtx_copyin_timeout32(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } error = do_rw_rdlock2(td, uap->obj, uap->val, &timeout); } return (error); @@ -3207,13 +3170,9 @@ __umtx_op_rw_wrlock_compat32(struct thre if (uap->uaddr2 == NULL) { error = do_rw_wrlock(td, uap->obj, 0); } else { - error = copyin_timeout32(uap->uaddr2, &timeout); + error = umtx_copyin_timeout32(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) { - return (EINVAL); - } error = do_rw_wrlock2(td, uap->obj, &timeout); } @@ -3229,12 +3188,9 @@ __umtx_op_wait_uint_private_compat32(str if (uap->uaddr2 == NULL) ts = NULL; else { - error = copyin_timeout32(uap->uaddr2, &timeout); + error = umtx_copyin_timeout32(uap->uaddr2, &timeout); if (error != 0) return (error); - if (timeout.tv_nsec >= 1000000000 || - timeout.tv_nsec < 0) - return (EINVAL); ts = &timeout; } return do_wait(td, uap->obj, uap->val, ts, 1, 1); Modified: stable/8/sys/sys/umtx.h ============================================================================== --- stable/8/sys/sys/umtx.h Mon Dec 12 13:12:55 2011 (r228438) +++ stable/8/sys/sys/umtx.h Mon Dec 12 17:33:38 2011 (r228439) @@ -241,6 +241,7 @@ umtx_key_match(const struct umtx_key *k1 k1->info.both.b == k2->info.both.b); } +int umtx_copyin_timeout(const void *, struct timespec *); int umtx_key_get(void *, int, int, struct umtx_key *); void umtx_key_release(struct umtx_key *); struct umtx_q *umtxq_alloc(void);