perryh@pluto.rain.com
2011-Feb-07 09:01 UTC
minor data-typing error in 8.1 fs/devfs/devfs_vnops.c
Noticed while digging through devfs_read_f() and devfs_write_f() in the course of investigating some unexpected (by me) geom behavior:

    ...
    int ioflag, error, resid;
    ...
    resid = uio->uio_resid;
    ...
    if (uio->uio_resid != resid || ...

IOW resid (an int) is being assigned from and compared with uio->uio_resid (an ssize_t).

I suppose it's probably harmless on any arch where an (int) is at least as large as an (ssize_t), but strictly speaking it does look like a bug -- or am I missing something?

-------------- next part --------------
--- fs/devfs/devfs_vnops.c-81R Sun Jun 13 19:09:06 2010 +++ - Sun Feb 6 23:58:34 2011 @@ -1046,7 +1046,8 @@ devfs_read_f(struct file *fp, struct uio *uio, struct ucred *cred, int flags, struct thread *td) { struct cdev *dev; - int ioflag, error, resid; + int ioflag, error; + ssize_t resid; struct cdevsw *dsw; struct file *fpop; @@ -1489,7 +1490,8 @@ devfs_write_f(struct file *fp, struct uio *uio, struct ucred *cred, int flags, struct thread *td) { struct cdev *dev; - int error, ioflag, resid; + int error, ioflag; + ssize_t resid; struct cdevsw *dsw; struct file *fpop;
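Review bot: in both hunks (devfs_read_f() at -1046 and devfs_write_f() at -1489) only the declaration of resid is widened, and the context lines do not reach any of its uses, so the review should confirm that every other use of resid in the two functions is still type-correct as ssize_t, in particular any int-typed argument or format string it is passed to. The file headers also name "fs/devfs/devfs_vnops.c-81R" as the old file and "-" as the new one, so the target path has to be given explicitly when applying; regenerating the diff between two named files would avoid that.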
Kostik Belousov
2011-Feb-07 10:22 UTC
minor data-typing error in 8.1 fs/devfs/devfs_vnops.c
On Mon, Feb 07, 2011 at 12:53:14AM -0800, perryh@pluto.rain.com wrote:
> Noticed while digging through devfs_read_f() and devfs_write_f() in
> the course of investigating some unexpected (by me) geom behavior:
>
>     ...
>     int ioflag, error, resid;
>     ...
>     resid = uio->uio_resid;
>     ...
>     if (uio->uio_resid != resid || ...
>
> IOW resid (an int) is being assigned from and compared with
> uio->uio_resid (an ssize_t).
>
> I suppose it's probably harmless on any arch where an (int) is at
> least as large as an (ssize_t), but strictly speaking it does look
> like a bug -- or am I missing something?

The only consequence of resid truncating uio_resid would be failure to update access time for the devfs node, which is probably not a big issue. In fact, HEAD cannot generate request for i/o greater than 4GB anyway.

The type of uio_resid was increased from int to ssize_t to not break the KBI and ease intended fix to support full size_t arguments for read(2)/write(2). The change requires lots of careful review, and thus stalled.

I integrated your fix into the patch, see http://people.freebsd.org/~kib/misc/uio_resid.4.patch
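Added example (not part of either message or of the FreeBSD source): a user-space C model of the save-and-compare pattern quoted above, showing what an int-typed resid does to the visible comparison `uio->uio_resid != resid` once a request needs more than 32 bits. struct fake_uio, fake_io(), four_gb() and the changed_*() helpers are hypothetical names; the part of the condition elided with "..." in the thread is not modelled, and an LP64 target whose narrowing conversion wraps (gcc, clang) is assumed.

```c
#include <stdio.h>
#include <sys/types.h>	/* ssize_t */

/* Hypothetical stand-in for the single struct uio field the thread discusses. */
struct fake_uio { ssize_t uio_resid; };

/* Hypothetical driver: transfers `done` bytes of the request. */
static void fake_io(struct fake_uio *uio, ssize_t done) { uio->uio_resid -= done; }

/* Constructed sample request size: 4 GiB, representable only where ssize_t is 64-bit. */
static ssize_t four_gb(void) { return (ssize_t)(1LL << 32); }

/* Pre-patch pattern: the saved residual lives in an int. */
static int changed_int(ssize_t request, ssize_t done)
{
	struct fake_uio uio = { request };
	int resid;

	resid = (int)uio.uio_resid;	/* implicit in the quoted code; wraps modulo 2^32 */
	fake_io(&uio, done);
	return (uio.uio_resid != resid);
}

/* Patched pattern: the saved residual has the same type as uio_resid. */
static int changed_ssize(ssize_t request, ssize_t done)
{
	struct fake_uio uio = { request };
	ssize_t resid;

	resid = uio.uio_resid;
	fake_io(&uio, done);
	return (uio.uio_resid != resid);
}

int main(void)
{
	if (sizeof(ssize_t) <= sizeof(int)) {
		puts("ssize_t is no wider than int here: nothing to show");
		return 0;
	}
	printf("4 GiB fully transferred: int=%d ssize_t=%d\n",
	    changed_int(four_gb(), four_gb()), changed_ssize(four_gb(), four_gb()));
	printf("4 GiB, nothing moved:    int=%d ssize_t=%d\n",
	    changed_int(four_gb(), 0), changed_ssize(four_gb(), 0));
	printf("4 KiB fully transferred: int=%d ssize_t=%d\n",
	    changed_int(4096, 4096), changed_ssize(4096, 4096));
	return 0;
}
```

With the int-typed variable a completed 4 GiB transfer looks like no change at all, which is the missed timestamp update described in the reply, while the ssize_t version agrees with the actual transfer in every case.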