Date: Thu, 22 Dec 2005 23:00:36 +0000
From: "Wojciech A. Koszek"
To: John Baldwin
Cc: freebsd-hackers@freebsd.org, phk@freebsd.org, Peter Jeremy
Subject: Re: [CALL FOR TESTERS] New system call: abort2()
Message-ID: <20051222230036.GB18817@FreeBSD.czest.pl>
In-Reply-To: <200512191424.06516.jhb@freebsd.org>

On Mon, Dec 19, 2005 at 02:24:04PM -0500, John Baldwin wrote:
> On Friday 16 December 2005 05:19 pm, Wojciech A.
> Koszek wrote:
> > On Fri, Dec 16, 2005 at 11:14:12AM -0500, John Baldwin wrote:
> > > On Friday 16 December 2005 04:10 am, Peter Jeremy wrote:
> > > > On Thu, 2005-Dec-15 22:37:45 +0000, Wojciech A. Koszek wrote:
> > > > > abort2(const char *why, int nargs, void **args);
> > > > >
> > > > > "why" is the reason for the program abort, "nargs" is the number of arguments
> > > > > passed in "args". Both "why" and "args" (with "%p" format) will be
> > > > > printed via log(9). Sample output:
> > > > > [..]
> > > > > pid <3004> abort2: ABORT2
> > > > > pid <3019> abort2: invalid argument
> > > > > [..]
> > > >
> > > > I don't believe the following code is correct. uap->args is a
> > > > userspace pointer so uap->args[i] is dereferencing a userspace
> > > > argument in kernelspace.
> > > > + arg = uargs[i] = (void *) fuword(uap->args[i]);
> > > > I think it should be fuword(uap->args + i);
> > > >
> > > > I don't see the point of the following test. "arg" is printed using
> > > > %p and never de-referenced so there's no reason it can't be NULL. I
> > > > would see that a legitimate use of abort2() is when the application
> > > > detects that a pointer is unexpectedly NULL. Aborting on -1 is less
> > > > clear - if fuword() fails, it will return -1 but, equally, a faulty
> > > > user application may have left -1 in a pointer. (Note that mmap(2)
> > > > returns -1 on error so it's not inconceivable that a pointer could
> > > > contain -1).
> > > >
> > > > + /* Prevent from faults in user-space */
> > > > + if (arg == NULL || arg == (void *)-1) {
> > > > + error = EINVAL;
> > > > + break;
> > > > + }
> > > >
> > > > Taking the above into account, I believe the code should be:
> > > > + if (uap->args == NULL)
> > > > + break;
> > > > + error = copyin(uap->args, uargs, uap->nargs * sizeof (void *));
> > > > + if (error != 0)
> > > > + break;
> > >
> > > Agreed. Also, copyinstr() can provide a better interface for copying the
> > > why string in.
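Review bot: the suggested copyin() of `uap->nargs * sizeof (void *)` bytes into uargs has no visible check that uap->nargs is non-negative and no larger than the uargs array, so a count supplied from user space sizes a copy into a fixed kernel buffer (and a negative nargs converts to a huge size_t in the multiplication); reject an out-of-range nargs with EINVAL before the copyin() call, for example `if (uap->nargs < 0 || uap->nargs > MAXARGS) { error = EINVAL; break; }` with MAXARGS equal to the number of elements in uargs.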
> > > Also, the PROC LOCK isn't needed for reading the static
> > > p_pid and p_comm fields of struct proc. Also, I second the other
> > > comments of do { } while(0) vs goto. Many existing syscalls use 'goto
> > > out;' for error handling, and I think that is one of the very few cases
> > > when goto is useful and not harmful.
> >
> > Thanks for the suggestions and comments!
> >
> > My question is related to copying a string from user-space: the only
> > difference I can see between those functions (other than operating on
> > strings/sbufs) is that sbuf_copyin() loses 'done' [1]. Since current
> > abort2() makes use of sbuf(9), I'll have to have an additional buffer just
> > for string copying and then copy it to the sbuf. Would you prefer this
> > solution or complete migration from sbufs to strl..()?
> >
> > [1] Couldn't sbuf_copyin() simply return 'done' from copyinstr()
> > embedded in it, since it already returns -1 on failure? This function
> > is used in two places, which make no use of the return value.
>
> That sounds good to me (fixing sbuf_copyin()).

I got no response from people for whom changing this function could be a
problem. My patch is here:

http://freebsd.czest.pl/dunstan/FreeBSD/sbuf_copyin.0.patch

-- 
* Wojciech A. Koszek && dunstan@FreeBSD.czest.pl
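A userspace model of the argument copy-in the thread converges on, as an added example that is neither the patch under discussion nor FreeBSD code: copyin() is stood in for by a range check against a constructed "user" buffer, and ABORT2_MAXARGS is an assumed bound on the kernel-side uargs[] array.

```c
/* Added example, not the FreeBSD patch: a userspace model of the abort2()
 * argument copy-in discussed above; copyin() is stood in for by a range
 * check against a constructed "user" region. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ABORT2_MAXARGS 16    /* assumed bound: size of the kernel-side uargs[] */
static void *user_mem[512];  /* constructed stand-in for user memory */
struct abort2_args { const char *why; int nargs; void **args; };

/* Model of copyin(9): copy only if [uaddr, uaddr+len) lies inside user_mem. */
static int copyin_model(const void *uaddr, void *kaddr, size_t len)
{
    uintptr_t lo = (uintptr_t)user_mem, hi = lo + sizeof(user_mem);
    uintptr_t a = (uintptr_t)uaddr;
    if (a < lo || a > hi || len > hi - a)
        return EFAULT;       /* the real copyin() fails the same way, no fault */
    memcpy(kaddr, uaddr, len);
    return 0;
}

/* Hardened copy: bound the untrusted count before it sizes the copy, then copy
 * the whole array instead of dereferencing uap->args[i] in the kernel.
 * NULL and -1 entries are data to be printed with %p, not errors. */
static int abort2_copy_args(const struct abort2_args *uap, void *uargs[])
{
    if (uap->nargs < 0 || uap->nargs > ABORT2_MAXARGS)
        return EINVAL;       /* would overrun uargs[] on the kernel stack */
    if (uap->nargs == 0 || uap->args == NULL)
        return 0;
    return copyin_model(uap->args, uargs, (size_t)uap->nargs * sizeof(void *));
}

/* A count larger than the kernel buffer is rejected with EINVAL, no copy. */
int oversized_count(void)
{
    struct abort2_args uap = { "demo", ABORT2_MAXARGS + 1, user_mem };
    void *kargs[ABORT2_MAXARGS];
    return abort2_copy_args(&uap, kargs);
}
/* 0 when NULL and -1 entries survive the copy intact, 1 otherwise. */
int copies_null_and_minus_one(void)
{
    void *kargs[ABORT2_MAXARGS];
    user_mem[0] = NULL; user_mem[1] = (void *)-1; user_mem[2] = user_mem;
    struct abort2_args uap = { "demo", 3, user_mem };
    if (abort2_copy_args(&uap, kargs) != 0) return 1;
    return !(kargs[0] == NULL && kargs[1] == (void *)-1 && kargs[2] == user_mem);
}
```

An args pointer outside user_mem (for example a kernel-side local array) makes copyin_model return EFAULT, which is the path the real copyin() takes for an unmapped or kernel address.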