From: Ed Schouten
To: Konstantin Belousov
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Date: Fri, 15 May 2009 09:02:39 +0200
Subject: Re: svn commit: r192094 - head/sys/kern
Message-ID: <20090515070239.GQ58540@hoeg.nl>
In-Reply-To: <200905141054.n4EAsvp1088977@svn.freebsd.org>

Hi Kostik,

* Konstantin Belousov wrote:
> Log:
>   Do not advance req->oldidx when sysctl_old_user returns an
>   error due to copyout failure or short buffer.
>
>   The latter breaks the usermode iterators of the sysctl results that pack
>   arbitrary number of variable-sized structures. Iterator expects that
>   kernel filled exactly oldlen bytes, and tries to interpret half-filled
>   or garbage structure at the end of the buffer. In particular,
>   kinfo_getfile(3) segfaulted.
>
>   Reported and tested by: pho
>   MFC after: 3 weeks

Is it possible that this change introduces a regression? Right now
`pstat -t' gets stuck in an infinite loop. I've added the following
printf:

| Index: pstat.c
| ===================================================================
| --- pstat.c (revision 192128)
| +++ pstat.c (working copy)
| @@ -263,6 +263,7 @@
|  if (errno != ENOMEM)
|  err(1, "sysctlbyname()");
|  len *= 2;
| + printf("Going to %zu\n", len);
|  if ((xttys = realloc(xttys, len)) == NULL)
|  err(1, "realloc()");
|  }

pstat on -CURRENT prints:

| LINE INQ CAN LIN LOW OUTQ USE LOW COL SESS PGID STATE
| Going to 0
| Going to 0
| Going to 0
| ...

If I use the same patch on RELENG_6, I get the expected result:

| LINE RAW CAN OUT IHIWT ILOWT OHWT LWT COL STATE SESS PGID DISC
| Going to 272
| Going to 544
| Going to 1088
| Going to 2176
| Going to 4352
| Going to 8704
| sysmouse 0 0 0 0 0 0 0 0 - 0 0 term
| ...

So the problem is that sysctl overwrites the len argument with 0, even
if it returns back to userspace with ENOMEM. I see we have two changes
in sysctl. In theory it could also be related to jhb@'s changes to
sysctl locking, but I suspect it's less likely.

-- 
Ed Schouten
WWW: http://80386.nl/
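
Review bot: in the pstat.c hunk, the retry path at "len *= 2;" takes its next size from the same variable that sysctlbyname() writes back into, so a written-back 0 stays 0 and "realloc(xttys, len)" is asked for zero bytes on every pass, which matches the repeated "Going to 0" lines. Keep the buffer capacity in a separate variable that the call cannot modify and double that one instead. The added printf() also goes to stdout, where it interleaves with the table; stderr would keep the two apart.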
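
The diagnosis in the message above (the length argument coming back as 0 together with ENOMEM) can be tolerated by a caller that never sizes its next attempt from the written-back length. The following is an added example, not code from pstat or from the FreeBSD tree; `mock_query()` is a hypothetical stand-in for the old/oldlenp half of sysctlbyname(3), and the sizes and retry limit are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MOCK_DATA_LEN 1000u     /* constructed size of the "kernel" data */

/* Hypothetical stand-in for sysctlbyname(3): on a short buffer it fails
 * with ENOMEM and writes 0 back into *lenp, as reported in the thread. */
static int mock_query(void *buf, size_t *lenp)
{
    if (*lenp < MOCK_DATA_LEN) {
        *lenp = 0;
        errno = ENOMEM;
        return -1;
    }
    memset(buf, 0xAB, MOCK_DATA_LEN);
    *lenp = MOCK_DATA_LEN;
    return 0;
}

/* Grow-and-retry fetch. The capacity lives in `cap`, which the query never
 * sees; `len` is a scratch copy, so a clobbered length cannot stall growth. */
static void *fetch_all(int (*query)(void *, size_t *), size_t *outlen,
    unsigned *tries)
{
    size_t cap = 128, len;      /* constructed starting size */
    void *buf = NULL, *tmp;

    for (*tries = 1; *tries <= 16; (*tries)++) {    /* bounded retries */
        if ((tmp = realloc(buf, cap)) == NULL)
            break;              /* buf is still valid and freed below */
        buf = tmp;
        len = cap;
        if (query(buf, &len) == 0) {
            *outlen = len;      /* bytes actually filled */
            return buf;
        }
        if (errno != ENOMEM)
            break;
        cap *= 2;               /* next size comes from cap, never from len */
    }
    free(buf);
    return NULL;
}

int main(void)
{
    size_t n = 0;
    unsigned tries = 0;
    void *p = fetch_all(mock_query, &n, &tries);

    if (p == NULL)
        return 1;
    fprintf(stderr, "got %zu bytes after %u tries\n", n, tries);
    free(p);
    return 0;
}
```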