Don't attempt to copy the whole slices "struct" for DIOCGSLICEINFO.

The slices "struct" isn't really a struct; we allocate only part of
it in the fully dangerously dedicated case.  Since the "struct" is
malloced, the page beyond it may not be mapped, so attempts to copy
it would crash.  This problem became larger when the full struct was
bloated from < 1K to > 3K by the addition of (mostly unused) DEVFS
tokens some time before 2.2.0 was released.

1 files changed, 3 insertions, 2 deletions

diff --git a/sys/kern/subr_diskslice.c b/sys/kern/subr_diskslice.c
index 76b7d9a..c8bca74 100644
--- a/sys/kern/subr_diskslice.c
+++ b/sys/kern/subr_diskslice.c
@@ -46,7 +46,7 @@
  *	from: wd.c,v 1.55 1994/10/22 01:57:12 phk Exp $
  *	from: @(#)ufs_disksubr.c	7.16 (Berkeley) 5/4/91
  *	from: ufs_disksubr.c,v 1.8 1994/06/07 01:21:39 phk Exp $
- *	$Id: subr_diskslice.c,v 1.44 1998/04/24 11:49:57 obrien Exp $
+ *	$Id: subr_diskslice.c,v 1.45 1998/04/24 11:50:30 obrien Exp $
  */
 
 #include "opt_devfs.h"
@@ -344,7 +344,8 @@ dsioctl(dname, dev, cmd, data, flags, sspp, strat, setgeom)
 		return (0);
 
 	case DIOCGSLICEINFO:
-		*(struct diskslices *)data = *ssp;
+		bcopy(ssp, data, (char *)&ssp->dss_slices[ssp->dss_nslices] -
+				 (char *)ssp);
 		return (0);
 
 	case DIOCSBAD: