From: Ulrich Spörlein
To: "Andrey V. Elsukov"
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Date: Wed, 24 Jul 2013 16:52:30 +0200
Subject: Re: svn commit: r253351 - in head: sys/arm/arm sys/i386/i386 sys/kern sys/mips/mips sys/powerpc/aim sys/powerpc/booke sys/sparc64/sparc64 sys/sys usr.bin/netstat
Message-ID: <20130724145230.GE9092@acme.spoerlein.net>
In-Reply-To: <201307150616.r6F6GvOV066908@svn.freebsd.org>

On Mon, 2013-07-15 at 06:16:57 +0000, Andrey V. Elsukov wrote:
> Author: ae
> Date: Mon Jul 15 06:16:57 2013
> New Revision: 253351
> URL: http://svnweb.freebsd.org/changeset/base/253351
>
> Log:
> Introduce new structure sfstat for collecting sendfile's statistics
> and remove corresponding fields from struct mbstat. Use PCPU counters
> and SFSTAT_INC() macro for update these statistics.
> > Discussed with: glebius > > Modified: > head/sys/arm/arm/vm_machdep.c > head/sys/i386/i386/vm_machdep.c > head/sys/kern/kern_mbuf.c > head/sys/kern/uipc_syscalls.c > head/sys/mips/mips/vm_machdep.c > head/sys/powerpc/aim/vm_machdep.c > head/sys/powerpc/booke/vm_machdep.c > head/sys/sparc64/sparc64/vm_machdep.c > head/sys/sys/mbuf.h > head/sys/sys/sf_buf.h > head/usr.bin/netstat/main.c > head/usr.bin/netstat/mbuf.c > > Modified: head/usr.bin/netstat/mbuf.c > ============================================================================== > --- head/usr.bin/netstat/mbuf.c Mon Jul 15 05:09:13 2013 (r253350) > +++ head/usr.bin/netstat/mbuf.c Mon Jul 15 06:16:57 2013 (r253351) > @@ -308,20 +309,21 @@ mbpr(void *kvmd, u_long mbaddr) > &mlen, NULL, 0)) > printf("%d/%d/%d sfbufs in use (current/peak/max)\n", > nsfbufsused, nsfbufspeak, nsfbufs); > - mlen = sizeof(mbstat); > - if (sysctlbyname("kern.ipc.mbstat", &mbstat, &mlen, NULL, 0)) { > - warn("kern.ipc.mbstat"); > + mlen = sizeof(sfstat); > + if (sysctlbyname("kern.ipc.sfstat", &sfstat, &mlen, NULL, 0)) { > + warn("kern.ipc.sfstat"); > goto out; > } > } else { Hmm, Coverity flags the sysctlbyname() as an OVERRUN, claiming: overrun-buffer-val: Overrunning struct type sfstat of 24 bytes by passing it to a function which accesses it at byte offset 37. So sysctlbyname.c basically calls sysctl(3) and Coverity thinks that name[1] is USER_CS_PATH in this case, entering the case statement on line 69, which then clobbers oldlenp with sizeof(_PATH_STDPATH) at line 74 in lib/libc/gen/sysctl.c, which is 37 bytes (sizeof("/rescue:/usr/bin:/bin:/usr/sbin:/sbin")). Then it calls memmove(oldp, _PATH_STDPATH, sizeof(_PATH_STDPATH)); where the oldp only has space for the aforementioned 24 bytes of struct sfstat. Any thoughts on this? It's CID 1054778 at scan.coverity.com, if you wanna have a look yourself. Cheers, Uli
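
Review bot: In the added lines of the mbpr() hunk, mlen is set to sizeof(sfstat) before the sysctlbyname("kern.ipc.sfstat", ...) call but is never looked at again once the call succeeds, so a reply shorter than this netstat's struct sfstat would go unnoticed. Consider comparing mlen with sizeof(sfstat) after the call and taking the same warn and "goto out" path on a mismatch; that also documents the buffer-size contract that the static analyser is questioning here.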
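
The overrun path discussed in the mail, modelled as an added example (not code from the mail, from libc or from the FreeBSD tree): a hypothetical handler `cs_path_copy` saves the caller's capacity before overwriting `*oldlenp` and refuses the copy when the buffer is too small. `struct sfstat_model` and `probe_struct` are constructed stand-ins for the 24-byte `struct sfstat` and the netstat call site.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STDPATH "/rescue:/usr/bin:/bin:/usr/sbin:/sbin" /* string quoted in the mail */
/* Constructed stand-in for the 24-byte struct sfstat; fields are assumed. */
struct sfstat_model { uint64_t f[3]; };

/* Hypothetical handler, not a libc function. On entry *oldlenp is the
 * caller's buffer capacity; on return it is the size required. */
int cs_path_copy(void *oldp, size_t *oldlenp)
{
    size_t cap = *oldlenp;              /* save capacity before clobbering it */
    *oldlenp = sizeof(STDPATH);         /* always report the size needed */
    if (oldp == NULL)
        return 0;                       /* size query only, nothing copied */
    if (cap < sizeof(STDPATH)) {
        errno = ENOMEM;                 /* refuse instead of overrunning */
        return -1;
    }
    memmove(oldp, STDPATH, sizeof(STDPATH));
    return 0;
}

/* Caller shaped like the netstat hunk: struct buffer, length = sizeof. */
int probe_struct(size_t *needed, int *untouched)
{
    struct sfstat_model s;
    unsigned char *p = (unsigned char *)&s;
    size_t len = sizeof(s), i;
    int rc;
    memset(&s, 0x5a, sizeof(s));        /* canary pattern to detect writes */
    rc = cs_path_copy(&s, &len);
    *needed = len;
    *untouched = 1;
    for (i = 0; i < sizeof(s); i++)
        if (p[i] != 0x5a)
            *untouched = 0;
    return rc;
}

int main(void)
{
    size_t need; int ok;
    int rc = probe_struct(&need, &ok);
    printf("rc=%d need=%zu untouched=%d\n", rc, need, ok);
    return 0;
}
```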