CVS commit: src/sys/rump/net/lib/libsockin

Sun, 18 Oct 2009 15:56:06 -0700 

Module Name:    src
Committed By:   tron
Date:           Sun Oct 18 22:55:56 UTC 2009

Modified Files:
        src/sys/rump/net/lib/libsockin: sockin.c

Log Message:
Avoid panic if a file system tries to write a chain of more than 32 mbuf-s
to a socket. This happens e.g. when copying large files to SMBFS.

Code reviewed by Antti Kantee.


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/sys/rump/net/lib/libsockin/sockin.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/rump/net/lib/libsockin/sockin.c
diff -u src/sys/rump/net/lib/libsockin/sockin.c:1.18 src/sys/rump/net/lib/libsockin/sockin.c:1.19
--- src/sys/rump/net/lib/libsockin/sockin.c:1.18	Sat Oct 17 20:35:52 2009
+++ src/sys/rump/net/lib/libsockin/sockin.c	Sun Oct 18 22:55:56 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: sockin.c,v 1.18 2009/10/17 20:35:52 pooka Exp $	*/
+/*	$NetBSD: sockin.c,v 1.19 2009/10/18 22:55:56 tron Exp $	*/
 
 /*
  * Copyright (c) 2008, 2009 Antti Kantee.  All Rights Reserved.
@@ -26,7 +26,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sockin.c,v 1.18 2009/10/17 20:35:52 pooka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sockin.c,v 1.19 2009/10/18 22:55:56 tron Exp $");
 
 #include <sys/param.h>
 #include <sys/condvar.h>
@@ -407,17 +407,25 @@
 	{
 		struct sockaddr *saddr;
 		struct msghdr mhdr;
-		struct iovec iov[32];
+		size_t iov_max, i;
+		struct iovec *iov;
 		struct mbuf *m2;
 		size_t tot;
-		int i, s;
+		int s;
 
 		memset(&mhdr, 0, sizeof(mhdr));
 
+		iov_max = 0;
+		for (m2 = m; m2 != NULL; m2 = m2->m_next) {
+			iov_max++;
+		}
+		if (iov_max == 0)
+			iov_max = 1;
+
+		iov = kmem_alloc(sizeof(struct iovec) * iov_max, KM_SLEEP);
+
 		tot = 0;
-		for (i = 0, m2 = m; m2; m2 = m2->m_next, i++) {
-			if (i >= 32)
-				panic("lazy bum");
+		for (i = 0, m2 = m; m2 != NULL; m2 = m2->m_next, i++) {
 			iov[i].iov_base = m2->m_data;
 			iov[i].iov_len = m2->m_len;
 			tot += m2->m_len;
@@ -426,7 +434,7 @@
 		mhdr.msg_iovlen = i;
 		s = SO2S(so);
 
-		if (nam) {
+		if (nam != NULL) {
 			saddr = mtod(nam, struct sockaddr *);
 			mhdr.msg_name = saddr;
 			mhdr.msg_namelen = saddr->sa_len;
@@ -434,6 +442,8 @@
 
 		rumpuser_net_sendmsg(s, &mhdr, 0, &error);
 
+		kmem_free(iov, sizeof(struct iovec) * iov_max);
+
 		m_freem(m);
 		m_freem(control);

Reply via email to