Module Name: src
Committed By: haad
Date: Wed Sep 9 22:38:49 UTC 2009
Modified Files:
src/sys/dev/dm: dm_dev.c dm_ioctl.c dm_pdev.c dm_target.c
dm_target_linear.c dm_target_stripe.c
Log Message:
Fix bug in kmem_alloc/kmem_free of params string. Params string was
allocated with length DM_MAX_PARAMS_SIZE and released with strlen + 1 size.
Disable KM_NOSLEEP allocation because we do not need them here there is
nothing critical in ioctl part of dm driver.
Bug reported by j...@.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/sys/dev/dm/dm_dev.c
cvs rdiff -u -r1.13 -r1.14 src/sys/dev/dm/dm_ioctl.c
cvs rdiff -u -r1.3 -r1.4 src/sys/dev/dm/dm_pdev.c
cvs rdiff -u -r1.10 -r1.11 src/sys/dev/dm/dm_target.c
cvs rdiff -u -r1.6 -r1.7 src/sys/dev/dm/dm_target_linear.c \
src/sys/dev/dm/dm_target_stripe.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/dm/dm_dev.c
diff -u src/sys/dev/dm/dm_dev.c:1.5 src/sys/dev/dm/dm_dev.c:1.6
--- src/sys/dev/dm/dm_dev.c:1.5 Mon Apr 13 18:51:54 2009
+++ src/sys/dev/dm/dm_dev.c Wed Sep 9 22:38:49 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: dm_dev.c,v 1.5 2009/04/13 18:51:54 haad Exp $ */
+/* $NetBSD: dm_dev.c,v 1.6 2009/09/09 22:38:49 haad Exp $ */
/*
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -304,10 +304,10 @@
{
dm_dev_t *dmv;
- dmv = kmem_zalloc(sizeof(dm_dev_t), KM_NOSLEEP);
+ dmv = kmem_zalloc(sizeof(dm_dev_t), KM_SLEEP);
if(dmv != NULL)
- dmv->diskp = kmem_zalloc(sizeof(struct disk), KM_NOSLEEP);
+ dmv->diskp = kmem_zalloc(sizeof(struct disk), KM_SLEEP);
return dmv;
}
Index: src/sys/dev/dm/dm_ioctl.c
diff -u src/sys/dev/dm/dm_ioctl.c:1.13 src/sys/dev/dm/dm_ioctl.c:1.14
--- src/sys/dev/dm/dm_ioctl.c:1.13 Fri Jun 5 21:52:31 2009
+++ src/sys/dev/dm/dm_ioctl.c Wed Sep 9 22:38:49 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: dm_ioctl.c,v 1.13 2009/06/05 21:52:31 haad Exp $ */
+/* $NetBSD: dm_ioctl.c,v 1.14 2009/09/09 22:38:49 haad Exp $ */
/*
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -746,7 +746,7 @@
}
if ((table_en = kmem_alloc(sizeof(dm_table_entry_t),
- KM_NOSLEEP)) == NULL) {
+ KM_SLEEP)) == NULL) {
dm_table_release(&dmv->table_head, DM_TABLE_INACTIVE);
dm_dev_unbusy(dmv);
return ENOMEM;
@@ -913,7 +913,7 @@
prop_dictionary_set_cstring(target_dict,
DM_TABLE_PARAMS, params);
- kmem_free(params, strlen(params) + 1);
+ kmem_free(params, DM_MAX_PARAMS_SIZE);
}
}
Index: src/sys/dev/dm/dm_pdev.c
diff -u src/sys/dev/dm/dm_pdev.c:1.3 src/sys/dev/dm/dm_pdev.c:1.4
--- src/sys/dev/dm/dm_pdev.c:1.3 Wed Mar 18 10:22:39 2009
+++ src/sys/dev/dm/dm_pdev.c Wed Sep 9 22:38:49 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: dm_pdev.c,v 1.3 2009/03/18 10:22:39 cegger Exp $ */
+/* $NetBSD: dm_pdev.c,v 1.4 2009/09/09 22:38:49 haad Exp $ */
/*
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -141,7 +141,7 @@
{
dm_pdev_t *dmp;
- if ((dmp = kmem_zalloc(sizeof(dm_pdev_t), KM_NOSLEEP)) == NULL)
+ if ((dmp = kmem_zalloc(sizeof(dm_pdev_t), KM_SLEEP)) == NULL)
return NULL;
strlcpy(dmp->name, name, MAX_DEV_NAME);
Index: src/sys/dev/dm/dm_target.c
diff -u src/sys/dev/dm/dm_target.c:1.10 src/sys/dev/dm/dm_target.c:1.11
--- src/sys/dev/dm/dm_target.c:1.10 Sun Aug 16 11:02:40 2009
+++ src/sys/dev/dm/dm_target.c Wed Sep 9 22:38:49 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: dm_target.c,v 1.10 2009/08/16 11:02:40 yamt Exp $ */
+/* $NetBSD: dm_target.c,v 1.11 2009/09/09 22:38:49 haad Exp $ */
/*
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -238,7 +238,7 @@
dm_target_t*
dm_target_alloc(const char *name)
{
- return kmem_zalloc(sizeof(dm_target_t), KM_NOSLEEP);
+ return kmem_zalloc(sizeof(dm_target_t), KM_SLEEP);
}
/*
Index: src/sys/dev/dm/dm_target_linear.c
diff -u src/sys/dev/dm/dm_target_linear.c:1.6 src/sys/dev/dm/dm_target_linear.c:1.7
--- src/sys/dev/dm/dm_target_linear.c:1.6 Sun Aug 16 11:02:24 2009
+++ src/sys/dev/dm/dm_target_linear.c Wed Sep 9 22:38:49 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: dm_target_linear.c,v 1.6 2009/08/16 11:02:24 yamt Exp $ */
+/* $NetBSD: dm_target_linear.c,v 1.7 2009/09/09 22:38:49 haad Exp $ */
/*
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -78,7 +78,7 @@
aprint_debug("Linear target init function called %s--%"PRIu64"!!\n",
device, offset);
- if ((tlc = kmem_alloc(sizeof(dm_target_linear_config_t), KM_NOSLEEP))
+ if ((tlc = kmem_alloc(sizeof(dm_target_linear_config_t), KM_SLEEP))
== NULL)
return 1;
@@ -109,7 +109,7 @@
aprint_debug("Linear target status function called\n");
- if ((params = kmem_alloc(DM_MAX_PARAMS_SIZE, KM_NOSLEEP)) == NULL)
+ if ((params = kmem_alloc(DM_MAX_PARAMS_SIZE, KM_SLEEP)) == NULL)
return NULL;
aprint_normal("%s %"PRIu64, tlc->pdev->name, tlc->offset);
Index: src/sys/dev/dm/dm_target_stripe.c
diff -u src/sys/dev/dm/dm_target_stripe.c:1.6 src/sys/dev/dm/dm_target_stripe.c:1.7
--- src/sys/dev/dm/dm_target_stripe.c:1.6 Fri Jun 5 19:56:40 2009
+++ src/sys/dev/dm/dm_target_stripe.c Wed Sep 9 22:38:49 2009
@@ -1,4 +1,4 @@
-/*$NetBSD: dm_target_stripe.c,v 1.6 2009/06/05 19:56:40 haad Exp $*/
+/*$NetBSD: dm_target_stripe.c,v 1.7 2009/09/09 22:38:49 haad Exp $*/
/*
* Copyright (c) 2009 The NetBSD Foundation, Inc.
@@ -164,8 +164,6 @@
tsc->stripe_devs[0].offset = offset1;
tsc->stripe_devs[1].offset = offset2;
- /* Save length of param string */
- tsc->params_len = DM_MAX_PARAMS_SIZE;
tsc->stripe_chunksize = chunk_size;
tsc->stripe_num = (uint8_t)stripes;
@@ -185,10 +183,10 @@
tsc = target_config;
- if ((params = kmem_alloc(tsc->params_len, KM_NOSLEEP)) == NULL)
+ if ((params = kmem_alloc(DM_MAX_PARAMS_SIZE, KM_SLEEP)) == NULL)
return NULL;
- snprintf(params, tsc->params_len, "%d %"PRIu64" %s %"PRIu64" %s %"PRIu64,
+ snprintf(params, DM_MAX_PARAMS_SIZE, "%d %"PRIu64" %s %"PRIu64" %s %"PRIu64,
tsc->stripe_num, tsc->stripe_chunksize,
tsc->stripe_devs[0].pdev->name, tsc->stripe_devs[0].offset,
tsc->stripe_devs[1].pdev->name, tsc->stripe_devs[1].offset);
