There is a value, MAXIOCBSZ, defined in sys/stream.h, which limits the 
maximum size that an ioctl block can be.  In particular, this *also* 
limits the maximum amount that can be copied in with M_COPYIN.

It appears that this value is not used anywhere else.

I'm pretty unhappy about this, because it will mean that I have to use 
partial copyin's in a loop to copyin a ~3K data structure.  (The API is 
one defined by external sources, so I can't change the size of the 
structure I'm dealing with.)

What is the reason for this check?  I mean, the way the code looks to 
me, it appears that the kernel driver issuing the M_COPYIN specifies the 
size, so it's not like this is coming from some untrusted userland place.

Can I just remove this check?  Or, alternatively, can I crank it up to a 
much larger value (say 64K)?  Or do I need to use a loop of m_copyin's 
to bring in my larger data structure 1K at a time?  (Yech!)

    -- Garrett

_______________________________________________
opensolaris-code mailing list
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code