From owner-svn-src-head@FreeBSD.ORG Sun Jan 29 22:39:06 2012
Return-Path:
Delivered-To: svn-src-head@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4B1F21065672; Sun, 29 Jan 2012 22:39:06 +0000 (UTC) (envelope-from das@FreeBSD.ORG)
Received: from zim.MIT.EDU (ZIM.MIT.EDU [18.95.3.101]) by mx1.freebsd.org (Postfix) with ESMTP id EBF2A8FC13; Sun, 29 Jan 2012 22:39:05 +0000 (UTC)
Received: from zim.MIT.EDU (localhost [127.0.0.1]) by zim.MIT.EDU (8.14.5/8.14.2) with ESMTP id q0TMd5d6038689; Sun, 29 Jan 2012 17:39:05 -0500 (EST) (envelope-from das@FreeBSD.ORG)
Received: (from das@localhost) by zim.MIT.EDU (8.14.5/8.14.2/Submit) id q0TMd4NT038688; Sun, 29 Jan 2012 17:39:04 -0500 (EST) (envelope-from das@FreeBSD.ORG)
Date: Sun, 29 Jan 2012 17:39:04 -0500
From: David Schultz
To: Kostik Belousov
Message-ID: <20120129223904.GA37483@zim.MIT.EDU>
Mail-Followup-To: Kostik Belousov , Bruce Evans , Gleb Smirnoff , svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
References: <201201261159.q0QBxma2086162@svn.freebsd.org> <20120126233110.C960@besplex.bde.org> <20120126153641.GA68112@FreeBSD.org> <20120127194612.H1547@besplex.bde.org> <20120127091244.GZ2726@deviant.kiev.zoral.com.ua> <20120127194221.GA25723@zim.MIT.EDU> <20120128123748.GD2726@deviant.kiev.zoral.com.ua> <20120129001225.GA32220@zim.MIT.EDU> <20120129062327.GK2726@deviant.kiev.zoral.com.ua>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20120129062327.GK2726@deviant.kiev.zoral.com.ua>
Cc: svn-src-head@FreeBSD.ORG, svn-src-all@FreeBSD.ORG, Gleb Smirnoff , src-committers@FreeBSD.ORG, Bruce Evans
Subject: Re: svn commit: r230583 - head/sys/kern
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 29 Jan 2012 22:39:06 -0000

On Sun, Jan 29, 2012, Kostik Belousov wrote:
> On Sat, Jan 28, 2012 at 07:12:25PM -0500, David Schultz wrote:
> > On Sat, Jan 28, 2012, Kostik Belousov wrote:
> > > On Fri, Jan 27, 2012 at 02:42:21PM -0500, David Schultz wrote:
> > > > On Fri, Jan 27, 2012, Kostik Belousov wrote:
> > > > > On Fri, Jan 27, 2012 at 07:50:30PM +1100, Bruce Evans wrote:
> > > > > > On Thu, 26 Jan 2012, Gleb Smirnoff wrote:
> > > > > > >
> > > > > > >On Thu, Jan 26, 2012 at 11:53:57PM +1100, Bruce Evans wrote:
> > > > > > >B>
> @@ -1552,6 +1552,12 @@ aio_aqueue(struct thread *td, struct aio > > > > > > >B> > return (error); > > > > > > >B> > } > > > > > > >B> > > > > > > > >B> > + /* XXX: aio_nbytes is later casted to signed types. */ > > > > > > >B> > + if ((int)aiocbe->uaiocb.aio_nbytes < 0) { > > > > > > >B> > > > > > > >B> This should avoid implementation-defined behaviour by checking if > > > > > > >B> > > > > > > >B> (uncast)aiocbe->uaiocb.aio_nbytes > INT_MAX. > > > > > > > > > > > > >Is the attached patch okay? > > > > > > > > > > > > Yes. It now matches the style used for read^Wsys_read() and friends. > > > > > > This used to have to fit the count in "int uio_resid". uio_resid now > > > > > > has type ssize_t, but for some reason the old INT_MAX limits remain. > > > > > > > > > > Well, I can revive the patch. I still think it is good to get rid of > > > > > the limit. > > > > > > > > The correct limit on the maximum size of a single read/write is > > > > SSIZE_MAX, but FreeBSD uses INT_MAX. It's not safe to raise the > > > > limit yet, though, because of bugs in several filesystems. For > > > > example, FFS copies uio_resid into a local variable of type int. > > > > I have some old patches that fix some of these issues for FFS and > > > > cd9660, but surely there are more places I didn't notice. > > > > > > > Absolutely agree. > > > > > > http://people.freebsd.org/~kib/misc/uio_resid.5.patch > > > > Nice. You found a lot more than I've got in my tree, and you even > > fixed the return values. There are at least a few more places to > > fix. For instance, cd9660 and the NFS client pass uio_resid or > > iov_len to min(), which operates on ints. (Incidentally, C11 > > generics ought to make it possible to write type-generic min() > > and max() functions.) > > Thank you, http://people.freebsd.org/~kib/misc/uio_resid.6.patch > changed them to MIN(). This looks good to me. 
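Review bot: the test `if ((int)aiocbe->uaiocb.aio_nbytes < 0)` added in the aio_aqueue() hunk relies on implementation-defined conversion of an out-of-range unsigned value to int, and on a 64-bit size_t it only rejects lengths whose bit 31 happens to be set: a length of exactly 2^32 truncates to 0 and passes, while still being far larger than the int range the XXX comment is worried about. Compare the uncast value instead, `if (aiocbe->uaiocb.aio_nbytes > INT_MAX)`, as the quoted reply from Bruce Evans suggests and as the sys_read() family already does, and reword the comment to state the INT_MAX limit rather than "is later casted to signed types". The body of the if and the error it returns are not visible in the quoted hunk, so they cannot be checked here.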
I tried to think of other places that you might have missed, and the only one that occurred to me is the pipe code. sys_pipe.c has an `int orig_resid' and lots of bogus casts of iov_len and uio_resid to type u_int. Some look harmless, although it appears that writing a multiple of 2^32 bytes might result in pipe_build_write_buffer() allocating a 0-length buffer. My only reservation is that raising the limit could unmask a kernel buffer overflow if we missed something, but I guess we have to cross that bridge some day anyway.
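The truncation hazards the thread is about, worked through as an added example. This is not the patch, not kernel code, and not from any of the correspondents; it models size_t/ssize_t as fixed 64-bit types so the result is the same on any host, assumes the rejected request returns EINVAL (the quoted hunk does not show the body of its if), and the `truncated_alloc_size()` and clamp helpers are hypothetical stand-ins for the sys_pipe.c u_int casts and the int-typed min() calls described above, not the real functions.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Model types: size_t/ssize_t on an LP64 kernel. Fixed 64-bit widths
 * are used so the example behaves identically on any host (assumption).
 */
typedef uint64_t k_size_t;
typedef int64_t  k_ssize_t;

/*
 * The check as written in the quoted hunk: cast the unsigned length to
 * int and test for negative. Converting an out-of-range value to int is
 * implementation-defined; on the usual two's-complement targets it keeps
 * the low 32 bits, so only lengths with bit 31 set are rejected.
 * Returning EINVAL is an assumption; the hunk does not show the if body.
 */
int
check_by_cast(k_size_t nbytes)
{
	if ((int)nbytes < 0)
		return (EINVAL);
	return (0);
}

/*
 * The form suggested in the thread: compare the uncast value against
 * INT_MAX. Every length that cannot be represented as an int is rejected.
 */
int
check_by_limit(k_size_t nbytes)
{
	if (nbytes > INT_MAX)
		return (EINVAL);
	return (0);
}

/*
 * Hypothetical stand-in for a buffer-size computation that casts the
 * remaining request length to u_int before using it as an allocation
 * size, the pattern the message describes for sys_pipe.c. A request of
 * exactly 2^32 bytes becomes a 0-byte allocation.
 */
unsigned int
truncated_alloc_size(k_ssize_t uio_resid)
{
	return ((unsigned int)uio_resid);
}

/*
 * A min() that takes int, the situation the message describes for the
 * cd9660 and NFS client code, versus the type-preserving MIN() macro.
 */
static int
int_min(int a, int b)
{
	return (a < b ? a : b);
}

#define	MIN(a, b)	(((a) < (b)) ? (a) : (b))

k_ssize_t
clamp_with_int_min(k_ssize_t resid, k_ssize_t avail)
{
	/* Both arguments are truncated to int before the comparison. */
	return (int_min((int)resid, (int)avail));
}

k_ssize_t
clamp_with_MIN(k_ssize_t resid, k_ssize_t avail)
{
	return (MIN(resid, avail));
}

int
main(void)
{
	k_size_t big = (k_size_t)1 << 32;	/* 4 GiB, a multiple of 2^32 */

	printf("cast check on 2^32:  %s\n",
	    check_by_cast(big) ? "rejected" : "accepted");
	printf("limit check on 2^32: %s\n",
	    check_by_limit(big) ? "rejected" : "accepted");
	printf("u_int alloc size for 2^32 bytes: %u\n",
	    truncated_alloc_size((k_ssize_t)big));
	printf("int min() clamp of 2^32+10 to 1 MiB: %lld\n",
	    (long long)clamp_with_int_min((k_ssize_t)big + 10, 1 << 20));
	printf("MIN() clamp of 2^32+10 to 1 MiB:     %lld\n",
	    (long long)clamp_with_MIN((k_ssize_t)big + 10, 1 << 20));
	return (0);
}
```

The cast-based check accepts 2^32 because its low 32 bits are zero, the u_int allocation size for the same request is 0, and the int-typed min() clamps a 4 GiB request to 10 bytes instead of the 1 MiB the caller had available; the INT_MAX comparison and the MIN() macro behave correctly on the same inputs. This is the class of mistake that makes raising the INT_MAX limit risky until every consumer of uio_resid and iov_len has been audited.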