From owner-freebsd-hackers Wed Jan 30 7: 2:28 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from magnesium.net (toxic.magnesium.net [207.154.84.15]) by hub.freebsd.org (Postfix) with SMTP id 6701E37B416 for ; Wed, 30 Jan 2002 07:02:25 -0800 (PST) Received: (qmail 85382 invoked by uid 1148); 30 Jan 2002 15:02:25 -0000 Date: Wed, 30 Jan 2002 07:02:25 -0800 (PST) From: User JHB To: hackers@FreeBSD.org Cc: jhb@FreeBSD.org Subject: uiomove busted for the past 3 years Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG When the DEADLKTREAT flag was added, uiomove() was broken. :) The problem is that a return() inside of a switch nested inside of a while loop was converted to a break leading to the following rather silly code: if (error) break; break; What is supposed to happen is that if there is an error, we break out of the while loop, but all we do is break out of the switch ignoring the error and continuing to loop. Thus, in the best case, if copyin or copyout failed on the last iteration of the loop, we would return an error, but would bogusly update the counts in the iovec and uio structures. In the worst case, if we kept looping and later copyin's or copyout's succeeded, then we wouldn't return an error at all. A quick fix would be to add a goto to jump to the error return code at the end of the loop rather than the bogus break if (error). However, I can't test this at the moment. Someone please verify and fix this. I think it's broken in RELENG_3 as well if someone is adventurous enough to merge it that far. I guess copyin/copyout don't fail often. -- John Baldwin <>< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message