author | avg <avg@FreeBSD.org> | 2009-05-27 15:23:12 +0000 |
---|---|---|
committer | avg <avg@FreeBSD.org> | 2009-05-27 15:23:12 +0000 |
commit | 8466b56c6ce328dd395c1a8cd10258f5dbb04033 (patch) | |
tree | 00acc308d5b1470db5492a755b03fd6207d272f7 /sys/compat | |
parent | c2b3891e90b2c5877c08e34be14e4a4917b4bd0d (diff) | |
linux_ioctl_cdrom: reduce stack usage
... by moving two ~2KB structures from stack to heap allocation.
I experienced stack overflow in linux emulation on i386 (8K stack)
when LINUX_DVD_READ_STRUCT ioctl was performed on atapicam cd
device and there was an error that resulted in additional quite
heavy stack use in cam layer.
Reviewed by: dchagin
Approved by: jhb (mentor)
Diffstat (limited to 'sys/compat')
-rw-r--r-- | sys/compat/linux/linux_ioctl.c | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/sys/compat/linux/linux_ioctl.c b/sys/compat/linux/linux_ioctl.c
index 2b4ca75..f0a7559 100644
--- a/sys/compat/linux/linux_ioctl.c
+++ b/sys/compat/linux/linux_ioctl.c
@@ -1556,23 +1556,28 @@ linux_ioctl_cdrom(struct thread *td, struct linux_ioctl_args *args)
 /* LINUX_CDROMAUDIOBUFSIZ */
 case LINUX_DVD_READ_STRUCT: {
- l_dvd_struct lds;
- struct dvd_struct bds;
+ l_dvd_struct *lds;
+ struct dvd_struct *bds;
- error = copyin((void *)args->arg, &lds, sizeof(lds));
+ lds = malloc(sizeof(*lds), M_LINUX, M_WAITOK);
+ bds = malloc(sizeof(*bds), M_LINUX, M_WAITOK);
+ error = copyin((void *)args->arg, lds, sizeof(*lds));
 if (error)
- break;
- error = linux_to_bsd_dvd_struct(&lds, &bds);
+ goto out;
+ error = linux_to_bsd_dvd_struct(lds, bds);
 if (error)
- break;
- error = fo_ioctl(fp, DVDIOCREADSTRUCTURE, (caddr_t)&bds,
+ goto out;
+ error = fo_ioctl(fp, DVDIOCREADSTRUCTURE, (caddr_t)bds,
 td->td_ucred, td);
 if (error)
- break;
- error = bsd_to_linux_dvd_struct(&bds, &lds);
+ goto out;
+ error = bsd_to_linux_dvd_struct(bds, lds);
 if (error)
- break;
- error = copyout(&lds, (void *)args->arg, sizeof(lds));
+ goto out;
+ error = copyout(lds, (void *)args->arg, sizeof(*lds));
+ out:
+ free(bds, M_LINUX);
+ free(lds, M_LINUX);
 break;
 } |
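Review bot: `bds` is allocated without `M_ZERO`, so any byte of it that neither `linux_to_bsd_dvd_struct()` nor the `DVDIOCREADSTRUCTURE` handler writes still holds stale kernel heap contents when `bsd_to_linux_dvd_struct()` copies from it into `lds` and `copyout()` hands the whole structure back to the caller. The conversion helpers and the driver are outside this hunk, so whether every field is always filled cannot be confirmed from here; the old on-stack variables had the same property, but the move to the heap is a cheap place to close it: `bds = malloc(sizeof(*bds), M_LINUX, M_WAITOK | M_ZERO);`. `lds` is fully overwritten by a successful `copyin()`, so zeroing it is optional. The enclosing `linux_ioctl_cdrom()` starts and ends outside the hunk.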