From e54488bbec5c9f80e95cedd395b0e3d31fde253d Mon Sep 17 00:00:00 2001 
From: Matthew Dillon Date: Tue, 18 Aug 2009 20:30:09 -0700 Subject: [PATCH] AMD64 - Refactor uio_resid and size_t assumptions. * uio_resid changed from int to size_t (size_t == unsigned long equivalent). * size_t assumptions in most kernel code has been refactored to operate in a 64 bit environment. * In addition, the 2G limitation for VM related system calls such as mmap() has been removed in 32 bit environments. Note however that because read() and write() return ssize_t, these functions are still limited to a 2G byte count in 32 bit environments. --- sys/boot/common/load_elf.c | 2 +- sys/boot/ofw/libofw/ofw_copy.c | 2 +- sys/boot/pc32/libi386/biosdisk.c | 6 +- sys/boot/pc32/libi386/i386_copy.c | 2 +- sys/bus/cam/scsi/scsi_target.c | 2 +- sys/bus/iicbus/iic.c | 8 +- sys/bus/usb/usb.c | 6 +- sys/dev/misc/kbd/kbd.c | 6 +- sys/dev/misc/lpt/lpt.c | 14 +-- sys/dev/misc/mse/mse.c | 5 +- sys/dev/misc/nmdm/nmdm.c | 4 +- sys/dev/misc/ppi/ppi.c | 18 +-- sys/dev/misc/psm/psm.c | 4 +- sys/dev/misc/snp/snp.c | 12 +- sys/dev/misc/spic/spic.c | 6 +- sys/dev/raid/dpt/dpt_control.c | 6 +- sys/dev/sound/pcm/channel.c | 10 +- sys/dev/sound/pcm/sndstat.c | 10 +- sys/dev/usbmisc/ugen/ugen.c | 14 +-- sys/dev/usbmisc/uhid/uhid.c | 2 +- sys/dev/usbmisc/ulpt/ulpt.c | 2 +- sys/dev/usbmisc/urio/urio.c | 4 +- sys/dev/usbmisc/uscanner/uscanner.c | 4 +- sys/dev/video/ctx/ctx.c | 8 +- sys/dev/video/fb/fb.c | 5 +- sys/emulation/43bsd/43bsd_file.c | 4 +- sys/emulation/43bsd/43bsd_hostinfo.c | 2 +- sys/emulation/43bsd/43bsd_signal.c | 4 +- sys/emulation/43bsd/43bsd_socket.c | 18 +-- sys/emulation/43bsd/43bsd_vm.c | 2 +- .../dragonfly12/dfbsd12_getdirentries.c | 8 +- .../linux/i386/linprocfs/linprocfs_misc.c | 2 +- sys/emulation/linux/i386/linux_machdep.c | 32 ++--- sys/emulation/linux/i386/linux_ptrace.c | 37 +++--- sys/emulation/linux/linux_file.c | 86 +++++++------- sys/emulation/linux/linux_socket.c | 38 +++--- sys/kern/kern_fp.c | 8 +- sys/kern/kern_subr.c | 111 ++++++------------ 
sys/kern/kern_xio.c | 4 +- sys/kern/subr_log.c | 4 +- sys/kern/subr_prf.c | 4 +- sys/kern/sys_generic.c | 66 +++++------ sys/kern/tty.c | 12 +- sys/kern/tty_pty.c | 19 +-- sys/kern/uipc_mbuf.c | 15 ++- sys/kern/uipc_socket.c | 57 +++++---- sys/kern/uipc_syscalls.c | 53 +++++---- sys/kern/vfs_cluster.c | 6 +- sys/kern/vfs_syscalls.c | 4 +- sys/net/i4b/driver/i4b_rbch.c | 4 +- sys/net/i4b/driver/i4b_tel.c | 8 +- sys/net/tap/if_tap.c | 17 +-- sys/net/tun/if_tun.c | 15 +-- .../bluetooth/drivers/ubtbcmfw/ubtbcmfw.c | 8 +- sys/netgraph7/ng_device.c | 2 +- sys/netproto/smb/smb_smb.c | 27 +++-- sys/netproto/smb/smb_trantcp.c | 5 +- sys/platform/pc32/i386/busdma_machdep.c | 4 +- sys/platform/pc32/i386/vm_machdep.c | 2 +- sys/platform/pc32/include/iic.h | 4 +- sys/platform/pc32/isa/asc.c | 8 +- sys/platform/pc64/amd64/busdma_machdep.c | 4 +- sys/platform/pc64/amd64/vm_machdep.c | 2 +- sys/platform/pc64/isa/asc.c | 8 +- .../vkernel/platform/busdma_machdep.c | 4 +- sys/sys/buf.h | 2 +- sys/sys/kern_syscall.h | 8 +- sys/sys/sysmsg.h | 18 +-- sys/sys/uio.h | 18 +-- sys/sys/xio.h | 2 +- sys/vfs/fdesc/fdesc_vnops.c | 5 +- sys/vfs/hammer/hammer_vnops.c | 2 +- sys/vfs/hpfs/hpfs_vnops.c | 27 +++-- sys/vfs/isofs/cd9660/cd9660_vnops.c | 18 +-- sys/vfs/msdosfs/msdosfs_vnops.c | 18 +-- sys/vfs/nfs/nfs_bio.c | 19 +-- sys/vfs/ntfs/ntfs_vnops.c | 26 ++-- sys/vfs/nwfs/nwfs_io.c | 33 +++--- sys/vfs/procfs/procfs_mem.c | 2 +- sys/vfs/procfs/procfs_rlimit.c | 13 +- sys/vfs/procfs/procfs_status.c | 19 ++- sys/vfs/smbfs/smbfs_io.c | 25 ++-- sys/vfs/userfs/userfs_vnops.c | 18 ++- sys/vm/vm_extern.h | 2 +- sys/vm/vm_mmap.c | 105 +++++++++++------ sys/vm/vm_vmspace.c | 20 ++-- 86 files changed, 674 insertions(+), 606 deletions(-) diff --git a/sys/boot/common/load_elf.c b/sys/boot/common/load_elf.c index 5b12262ddf..8f89c5e2a0 100644 --- a/sys/boot/common/load_elf.c +++ b/sys/boot/common/load_elf.c 
@@ -332,7 +332,7 @@ __elfN(loadimage)(struct preloaded_file *fp, elf_file_t ef, u_int64_t off) resid = phdr[i].p_memsz - phdr[i].p_filesz; dest = phdr[i].p_vaddr + off + phdr[i].p_filesz; while (resid > 0) { - chunk = min(PAGE_SIZE, resid); + chunk = szmin(PAGE_SIZE, resid); archsw.arch_copyin(buf, dest, chunk); resid -= chunk; dest += chunk; diff --git a/sys/boot/ofw/libofw/ofw_copy.c b/sys/boot/ofw/libofw/ofw_copy.c index 93f8713401..864282bd56 100644 --- a/sys/boot/ofw/libofw/ofw_copy.c +++ b/sys/boot/ofw/libofw/ofw_copy.c @@ -95,7 +95,7 @@ ofw_readin(const int fd, vm_offset_t dest, const size_t len) } for (resid = len; resid > 0; resid -= got, p += got) { - get = min(chunk, resid); + get = szmin(chunk, resid); got = read(fd, buf, get); if (got <= 0) { diff --git a/sys/boot/pc32/libi386/biosdisk.c b/sys/boot/pc32/libi386/biosdisk.c index b7ce47d39a..0e381285e3 100644 --- a/sys/boot/pc32/libi386/biosdisk.c +++ b/sys/boot/pc32/libi386/biosdisk.c @@ -987,7 +987,7 @@ bd_read(struct open_disk *od, daddr_t dblk, int blks, caddr_t dest) sec = x % od->od_sec; /* offset into track */ /* play it safe and don't cross track boundaries (XXX this is probably unnecessary) */ - x = min(od->od_sec - sec, resid); + x = szmin(od->od_sec - sec, resid); if (maxfer > 0) x = min(x, maxfer); /* fit bounce buffer */ @@ -1127,9 +1127,9 @@ bd_write(struct open_disk *od, daddr_t dblk, int blks, caddr_t dest) sec = x % od->od_sec; /* offset into track */ /* play it safe and don't cross track boundaries (XXX this is probably unnecessary) */ - x = min(od->od_sec - sec, resid); + x = szmin(od->od_sec - sec, resid); if (maxfer > 0) - x = min(x, maxfer); /* fit bounce buffer */ + x = szmin(x, maxfer); /* fit bounce buffer */ /* where do we transfer to? */ xp = bbuf == NULL ? p : breg; diff --git a/sys/boot/pc32/libi386/i386_copy.c b/sys/boot/pc32/libi386/i386_copy.c index 9277cdc1fa..520688fe2a 100644 --- a/sys/boot/pc32/libi386/i386_copy.c +++ b/sys/boot/pc32/libi386/i386_copy.c 
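Review bot: In bd_read the bounce-buffer clamp is still `x = min(x, maxfer);` although the clamp on the line before it was switched to szmin, and the matching hunk in bd_write converts both. If `min` here is the unsigned-int helper, the two clamps in bd_read now work at different widths. For consistency with bd_write the line should read `x = szmin(x, maxfer); /* fit bounce buffer */`. The declarations of x, resid and maxfer are outside the hunk, so their types should be confirmed first.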
@@ -80,7 +80,7 @@ i386_readin(const int fd, vm_offset_t dest, const size_t len) return(0); for (resid = len; resid > 0; resid -= got, dest += got) { - get = min(chunk, resid); + get = szmin(chunk, resid); got = read(fd, buf, get); if (got <= 0) break; diff --git a/sys/bus/cam/scsi/scsi_target.c b/sys/bus/cam/scsi/scsi_target.c index f9850b41f5..8494369fee 100644 --- a/sys/bus/cam/scsi/scsi_target.c +++ b/sys/bus/cam/scsi/scsi_target.c @@ -565,7 +565,7 @@ targwrite(struct dev_write_args *ap) softc = (struct targ_softc *)ap->a_head.a_dev->si_drv1; write_len = error = 0; CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, - ("write - uio_resid %d\n", uio->uio_resid)); + ("write - uio_resid %ld\n", uio->uio_resid)); while (uio->uio_resid >= sizeof(user_ccb) && error == 0) { union ccb *ccb; diff --git a/sys/bus/iicbus/iic.c b/sys/bus/iicbus/iic.c index ab69d6f064..d611739f52 100644 --- a/sys/bus/iicbus/iic.c +++ b/sys/bus/iicbus/iic.c @@ -184,8 +184,8 @@ iicwrite(struct dev_write_args *ap) if ((error = iicbus_request_bus(device_get_parent(iicdev), iicdev, IIC_DONTWAIT))) return (error); - count = min(uio->uio_resid, BUFSIZE); - uiomove(sc->sc_buffer, count, uio); + count = (int)szmin(uio->uio_resid, BUFSIZE); + uiomove(sc->sc_buffer, (size_t)count, uio); error = iicbus_block_write(device_get_parent(iicdev), sc->sc_addr, sc->sc_buffer, count, &sent); @@ -215,7 +215,7 @@ iicread(struct dev_read_args *ap) return (error); /* max amount of data to read */ - len = min(uio->uio_resid, BUFSIZE); + len = (int)szmin(uio->uio_resid, BUFSIZE); if ((error = iicbus_block_read(device_get_parent(iicdev), sc->sc_addr, sc->sc_inbuf, len, &bufsize))) @@ -226,7 +226,7 @@ iicread(struct dev_read_args *ap) iicbus_release_bus(device_get_parent(iicdev), iicdev); - return (uiomove(sc->sc_inbuf, bufsize, uio)); + return (uiomove(sc->sc_inbuf, (size_t)bufsize, uio)); } static int diff --git a/sys/bus/usb/usb.c b/sys/bus/usb/usb.c index 3fcb68c737..3194b03497 100644 --- a/sys/bus/usb/usb.c 
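Review bot: The debug format in targwrite prints uio_resid with `%ld`, but the commit message makes uio_resid a size_t (unsigned long equivalent), so the conversion is signed while the argument is not. Prefer `("write - uio_resid %lu\n", (unsigned long)uio->uio_resid)` so the argument matches the conversion on both 32-bit and 64-bit builds. The same `%ld` is used for a size_t in the usbioctl DPRINTF in sys/bus/usb/usb.c and in the chn_write DEB message in sys/dev/sound/pcm/channel.c.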
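Review bot: iicwrite discards the return value of `uiomove(sc->sc_buffer, (size_t)count, uio);`, so a faulting user address still leads to iicbus_block_write() sending whatever sc_buffer held before the call. Capture the result with `error = uiomove(sc->sc_buffer, (size_t)count, uio);` and skip the bus write when it is non-zero, keeping the existing bus release. The same unchecked uiomove survives this commit in lptwrite (sys/dev/misc/lpt/lpt.c) and in both loops of ppiwrite (sys/dev/misc/ppi/ppi.c). The body of iicwrite continues outside the hunk.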
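Review bot: `uiomove(sc->sc_inbuf, (size_t)bufsize, uio)` in iicread trusts the count that iicbus_block_read() stored in bufsize. With the new cast a negative value becomes a very large size_t, and the copy would then be limited only by uio_resid, which may exceed BUFSIZE. A clamp immediately before the return, for example `if (bufsize < 0 || bufsize > len) return (EIO);`, would keep the copy inside sc_inbuf. bufsize is declared outside the hunk, so this assumes it is a signed int as the cast suggests.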
+++ b/sys/bus/usb/usb.c @@ -615,7 +615,7 @@ usbioctl(struct dev_ioctl_args *ap) case USB_REQUEST: { struct usb_ctl_request *ur = (void *)ap->a_data; - int len = UGETW(ur->ucr_request.wLength); + size_t len = UGETW(ur->ucr_request.wLength); struct iovec iov; struct uio uio; void *ptr = 0; @@ -623,8 +623,8 @@ usbioctl(struct dev_ioctl_args *ap) usbd_status err; int error = 0; - DPRINTF(("usbioctl: USB_REQUEST addr=%d len=%d\n", addr, len)); - if (len < 0 || len > 32768) + DPRINTF(("usbioctl: USB_REQUEST addr=%d len=%ld\n", addr, len)); + if (len > 32768) return (EINVAL); if (addr < 0 || addr >= USB_MAX_DEVICES || sc->sc_bus->devices[addr] == 0) diff --git a/sys/dev/misc/kbd/kbd.c b/sys/dev/misc/kbd/kbd.c index 1baa8eeec1..2e69d3dcc4 100644 --- a/sys/dev/misc/kbd/kbd.c +++ b/sys/dev/misc/kbd/kbd.c @@ -630,11 +630,11 @@ genkbdread(struct dev_read_args *ap) /* copy as much input as possible */ error = 0; while (uio->uio_resid > 0) { - len = imin(uio->uio_resid, sizeof(buffer)); + len = (int)szmin(uio->uio_resid, sizeof(buffer)); len = q_to_b(&sc->gkb_q, buffer, len); - if (len <= 0) + if (len == 0) break; - error = uiomove(buffer, len, uio); + error = uiomove(buffer, (size_t)len, uio); if (error) break; } diff --git a/sys/dev/misc/lpt/lpt.c b/sys/dev/misc/lpt/lpt.c index 0ef454ec0b..23ff75ff29 100644 --- a/sys/dev/misc/lpt/lpt.c +++ b/sys/dev/misc/lpt/lpt.c @@ -701,16 +701,16 @@ lptread(struct dev_read_args *ap) /* read data in an other buffer, read/write may be simultaneous */ len = 0; while (uio->uio_resid) { - if ((error = ppb_1284_read(ppbus, PPB_NIBBLE, - sc->sc_statbuf, min(BUFSTATSIZE, - uio->uio_resid), &len))) { + error = ppb_1284_read(ppbus, PPB_NIBBLE, sc->sc_statbuf, + (int)szmin(BUFSTATSIZE, uio->uio_resid), + len); + if (error) goto error; - } if (!len) goto error; /* no more data */ - if ((error = uiomove(sc->sc_statbuf, len, uio))) + if ((error = uiomove(sc->sc_statbuf, (size_t)len, uio))) goto error; } 
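Review bot: genkbdread now leaves the loop only on `len == 0`, yet len is still handled as a signed value: it is assigned through an `(int)` cast and passed on as `(size_t)len`. A negative return from q_to_b() would therefore no longer break the loop and would reach uiomove as a huge length against the local buffer. Unless q_to_b() is known never to return a negative count, keep the original guard, `if (len <= 0) break;`. The declaration of len and the definition of q_to_b are outside the hunk.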
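Review bot: The rewritten ppb_1284_read() call in lptread passes `len` as its last argument where the removed line passed `&len`, and the parallel rewrite in ppiread (sys/dev/misc/ppi/ppi.c) still passes `&len`. len is set to 0 just above the loop, so the callee would receive a zero value in place of what is presumably the address of the byte-count result. The following `if (!len)` test would then never reflect the read. The argument should be restored to `&len);`.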
@@ -761,9 +761,9 @@ lptwrite(struct dev_write_args *ap) } sc->sc_state &= ~INTERRUPTED; - while ((n = min(BUFSIZE, uio->uio_resid)) != 0) { + while ((n = (unsigned)szmin(BUFSIZE, uio->uio_resid)) != 0) { sc->sc_cp = sc->sc_inbuf; - uiomove(sc->sc_cp, n, uio); + uiomove(sc->sc_cp, (size_t)n, uio); sc->sc_xfercnt = n ; if (sc->sc_irq & LP_ENABLE_EXT) { diff --git a/sys/dev/misc/mse/mse.c b/sys/dev/misc/mse/mse.c index a5b3556c6f..a7c432c877 100644 --- a/sys/dev/misc/mse/mse.c +++ b/sys/dev/misc/mse/mse.c @@ -484,8 +484,9 @@ mseread(struct dev_read_args *ap) sc->sc_bytesread = 0; } crit_exit(); - xfer = min(uio->uio_resid, sc->mode.packetsize - sc->sc_bytesread); - error = uiomove(&sc->sc_bytes[sc->sc_bytesread], xfer, uio); + xfer = (int)szmin(uio->uio_resid, + sc->mode.packetsize - sc->sc_bytesread); + error = uiomove(&sc->sc_bytes[sc->sc_bytesread], (size_t)xfer, uio); if (error) return (error); sc->sc_bytesread += xfer; diff --git a/sys/dev/misc/nmdm/nmdm.c b/sys/dev/misc/nmdm/nmdm.c index 40757a3c2f..f49d4f36e5 100644 --- a/sys/dev/misc/nmdm/nmdm.c +++ b/sys/dev/misc/nmdm/nmdm.c @@ -333,7 +333,7 @@ nmdmwrite(struct dev_write_args *ap) cdev_t dev = ap->a_head.a_dev; struct uio *uio = ap->a_uio; u_char *cp = 0; - int cc = 0; + size_t cc = 0; u_char locbuf[BUFSIZ]; int cnt = 0; int error = 0; @@ -356,7 +356,7 @@ again: * Fill up the buffer if it's empty */ if (cc == 0) { - cc = min(uio->uio_resid, BUFSIZ); + cc = szmin(uio->uio_resid, BUFSIZ); cp = locbuf; error = uiomove((caddr_t)cp, cc, uio); if (error) diff --git a/sys/dev/misc/ppi/ppi.c b/sys/dev/misc/ppi/ppi.c index c607f2cc8f..dcb40a5c67 100644 --- a/sys/dev/misc/ppi/ppi.c +++ b/sys/dev/misc/ppi/ppi.c 
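Review bot: The second argument of `szmin(uio->uio_resid, sc->mode.packetsize - sc->sc_bytesread)` in mseread is a signed subtraction. Assuming szmin takes size_t arguments, a negative difference converts to a very large value, the clamp falls through to uio_resid, and uiomove would read past sc_bytes. Whether packetsize can drop below sc_bytesread between reads is not visible in this hunk, so an explicit guard before the szmin, such as `if (sc->sc_bytesread >= sc->mode.packetsize) return (0);`, or an assertion, would make the bound explicit. sndstat_read in sys/dev/sound/pcm/sndstat.c has the same shape with `sbuf_len(&sndstat_sbuf) - sndstat_bufptr`.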
@@ -368,11 +368,11 @@ ppiread(struct dev_read_args *ap) /* read data */ len = 0; while (uio->uio_resid) { - if ((error = ppb_1284_read(ppbus, ppi->ppi_mode, - ppi->ppi_buffer, min(BUFSIZE, uio->uio_resid), - &len))) { + error = ppb_1284_read(ppbus, ppi->ppi_mode, ppi->ppi_buffer, + (int)szmin(BUFSIZE, uio->uio_resid), + &len); + if (error) goto error; - } if (!len) goto error; /* no more data */ @@ -380,7 +380,7 @@ ppiread(struct dev_read_args *ap) #ifdef DEBUG_1284 kprintf("d"); #endif - if ((error = uiomove(ppi->ppi_buffer, len, uio))) + if ((error = uiomove(ppi->ppi_buffer, (size_t)len, uio))) goto error; } @@ -434,8 +434,8 @@ ppiwrite(struct dev_write_args *ap) kprintf("ppiwrite: ECP negociation failed\n"); } - while (!error && (len = min(uio->uio_resid, BUFSIZE))) { - uiomove(ppi->ppi_buffer, len, uio); + while (!error && (len = (int)szmin(uio->uio_resid, BUFSIZE))) { + uiomove(ppi->ppi_buffer, (size_t)len, uio); ppb_MS_init_msq(msq, 2, ADDRESS, ppi->ppi_buffer, LENGTH, len); @@ -476,8 +476,8 @@ ppiwrite(struct dev_write_args *ap) #endif /* negociation done, write bytes to master host */ - while ((len = min(uio->uio_resid, BUFSIZE)) != 0) { - uiomove(ppi->ppi_buffer, len, uio); + while ((len = (int)szmin(uio->uio_resid, BUFSIZE)) != 0) { + uiomove(ppi->ppi_buffer, (size_t)len, uio); if ((error = byte_peripheral_write(ppbus, ppi->ppi_buffer, len, &sent))) goto error; diff --git a/sys/dev/misc/psm/psm.c b/sys/dev/misc/psm/psm.c index ed7e9568b6..8cf834aa4f 100644 --- a/sys/dev/misc/psm/psm.c +++ b/sys/dev/misc/psm/psm.c @@ -1551,7 +1551,7 @@ psmread(struct dev_read_args *ap) /* copy data to the user land */ while ((sc->queue.count > 0) && (uio->uio_resid > 0)) { crit_enter(); - l = min(sc->queue.count, uio->uio_resid); + l = (int)szmin(sc->queue.count, uio->uio_resid); if (l > sizeof(buf)) l = sizeof(buf); if (l > sizeof(sc->queue.buf) - sc->queue.head) { 
@@ -1566,7 +1566,7 @@ psmread(struct dev_read_args *ap) sc->queue.count -= l; sc->queue.head = (sc->queue.head + l) % sizeof(sc->queue.buf); crit_exit(); - error = uiomove(buf, l, uio); + error = uiomove(buf, (size_t)l, uio); if (error) break; } diff --git a/sys/dev/misc/snp/snp.c b/sys/dev/misc/snp/snp.c index 5a108e7cfa..f33b502292 100644 --- a/sys/dev/misc/snp/snp.c +++ b/sys/dev/misc/snp/snp.c @@ -141,9 +141,9 @@ snplwrite(struct tty *tp, struct uio *uio, int flag) ibuf = NULL; snp = tp->t_sc; while (uio->uio_resid > 0) { - ilen = imin(512, uio->uio_resid); + ilen = (int)szmin(512, uio->uio_resid); ibuf = kmalloc(ilen, M_SNP, M_WAITOK); - error = uiomove(ibuf, ilen, uio); + error = uiomove(ibuf, (size_t)ilen, uio); if (error != 0) break; snp_in(snp, ibuf, ilen); @@ -207,8 +207,8 @@ tty_input: return (EIO); while (uio->uio_resid > 0) { - len = imin(uio->uio_resid, SNP_INPUT_BUF); - if ((error = uiomove(c, len, uio)) != 0) + len = (int)szmin(uio->uio_resid, SNP_INPUT_BUF); + if ((error = uiomove(c, (size_t)len, uio)) != 0) return (error); for (i=0; i < len; i++) { if (ttyinput(c[i], tp)) @@ -253,12 +253,12 @@ snpread(struct dev_read_args *ap) error = 0; while (snp->snp_len > 0 && uio->uio_resid > 0 && error == 0) { - len = min((unsigned)uio->uio_resid, snp->snp_len); + len = (int)szmin(uio->uio_resid, snp->snp_len); from = (caddr_t)(snp->snp_buf + snp->snp_base); if (len == 0) break; - error = uiomove(from, len, uio); + error = uiomove(from, (size_t)len, uio); snp->snp_base += len; snp->snp_len -= len; } diff --git a/sys/dev/misc/spic/spic.c b/sys/dev/misc/spic/spic.c index 83eedb5c1b..5228c2d4da 100644 --- a/sys/dev/misc/spic/spic.c +++ b/sys/dev/misc/spic/spic.c @@ -483,7 +483,7 @@ spicread(struct dev_read_args *ap) sc = devclass_get_softc(spic_devclass, 0); - if (uio->uio_resid <= 0) /* What kind of a read is this?! */ + if (uio->uio_resid == 0) /* What kind of a read is this?! */ return 0; crit_enter(); 
@@ -499,12 +499,12 @@ spicread(struct dev_read_args *ap) crit_exit(); crit_enter(); - l = min(uio->uio_resid, sc->sc_count); + l = (int)szmin(uio->uio_resid, sc->sc_count); bcopy(sc->sc_buf, buf, l); sc->sc_count -= l; bcopy(sc->sc_buf + l, sc->sc_buf, l); crit_exit(); - return uiomove(buf, l, uio); + return uiomove(buf, (size_t)l, uio); } diff --git a/sys/dev/raid/dpt/dpt_control.c b/sys/dev/raid/dpt/dpt_control.c index 974300f6a9..8152ca9e9c 100644 --- a/sys/dev/raid/dpt/dpt_control.c +++ b/sys/dev/raid/dpt/dpt_control.c @@ -486,8 +486,8 @@ dpt_write(cdev_t dev, struct uio * uio, int ioflag) } else if (uio->uio_resid > DPT_RW_CMD_LEN) { return (E2BIG); } else { - char *cp; - int length; + char *cp; + size_t length; cp = dpt_inbuf[minor_no]->b_data; length = uio->uio_resid; /* uiomove will change it! */ @@ -644,7 +644,7 @@ dpt_read(cdev_t dev, struct uio * uio, int ioflag) if (error == 0) { work_buffer[work_size++] = '\0'; - error = uiomove(work_buffer, work_size, uio); + error = uiomove(work_buffer, (size_t)work_size, uio); uio->uio_resid = 0; #ifdef DPT_DEBUG_CONTROL if (error) { diff --git a/sys/dev/sound/pcm/channel.c b/sys/dev/sound/pcm/channel.c index 68460d7545..2958816cf3 100644 --- a/sys/dev/sound/pcm/channel.c +++ b/sys/dev/sound/pcm/channel.c 
@@ -317,11 +317,11 @@ chn_write(struct pcm_channel *c, struct uio *buf, int ioflags) * the write operation avoids blocking. */ nbio = (c->flags & CHN_F_NBIO) || (ioflags & IO_NDELAY); - if (nbio && buf->uio_resid > sndbuf_getblksz(bs)) { - DEB(device_printf(c->dev, "broken app, nbio and tried to write %d bytes with fragsz %d\n", + if (nbio && buf->uio_resid > (size_t)sndbuf_getblksz(bs)) { + DEB(device_printf(c->dev, "broken app, nbio and tried to write %ld bytes with fragsz %d\n", buf->uio_resid, sndbuf_getblksz(bs))); newsize = 16; - while (newsize < min(buf->uio_resid, CHN_2NDBUFMAXSIZE / 2)) + while (newsize < (int)szmin(buf->uio_resid, CHN_2NDBUFMAXSIZE / 2)) newsize <<= 1; chn_setblocksize(c, sndbuf_getblkcnt(bs), newsize); DEB(device_printf(c->dev, "frags reset to %d x %d\n", sndbuf_getblkcnt(bs), sndbuf_getblksz(bs))); @@ -347,7 +347,7 @@ chn_write(struct pcm_channel *c, struct uio *buf, int ioflags) count = hz; } } else { - sz = MIN(sz, buf->uio_resid); + sz = (int)szmin(sz, buf->uio_resid); KASSERT(sz > 0, ("confusion in chn_write")); /* kprintf("sz: %d\n", sz); */ @@ -493,7 +493,7 @@ chn_read(struct pcm_channel *c, struct uio *buf, int ioflags) ret = 0; count = hz; while (!ret && (buf->uio_resid > 0) && (count > 0)) { - sz = MIN(buf->uio_resid, sndbuf_getready(bs)); + sz = (int)szmin(buf->uio_resid, sndbuf_getready(bs)); if (sz > 0) { /* diff --git a/sys/dev/sound/pcm/sndstat.c b/sys/dev/sound/pcm/sndstat.c index e665e01747..bf13a77215 100644 --- a/sys/dev/sound/pcm/sndstat.c +++ b/sys/dev/sound/pcm/sndstat.c 
@@ -155,8 +155,14 @@ sndstat_read(struct dev_read_args *ap) lockmgr(&sndstat_lock, LK_RELEASE); return EBADF; } - l = min(buf->uio_resid, sbuf_len(&sndstat_sbuf) - sndstat_bufptr); - err = (l > 0)? uiomove(sbuf_data(&sndstat_sbuf) + sndstat_bufptr, l, buf) : 0; + l = (int)szmin(buf->uio_resid, + sbuf_len(&sndstat_sbuf) - sndstat_bufptr); + if (l > 0) { + err = uiomove(sbuf_data(&sndstat_sbuf) + sndstat_bufptr, + l, buf); + } else { + err = 0; + } sndstat_bufptr += l; lockmgr(&sndstat_lock, LK_RELEASE); diff --git a/sys/dev/usbmisc/ugen/ugen.c b/sys/dev/usbmisc/ugen/ugen.c index ebfc008c0f..3c748aa551 100644 --- a/sys/dev/usbmisc/ugen/ugen.c +++ b/sys/dev/usbmisc/ugen/ugen.c @@ -664,7 +664,7 @@ ugen_do_read(struct ugen_softc *sc, int endpt, struct uio *uio, int flag) /* Transfer as many chunks as possible. */ while (sce->q.c_cc > 0 && uio->uio_resid > 0 && !error) { - n = min(sce->q.c_cc, uio->uio_resid); + n = szmin(sce->q.c_cc, uio->uio_resid); if (n > sizeof(buffer)) n = sizeof(buffer); @@ -684,7 +684,7 @@ ugen_do_read(struct ugen_softc *sc, int endpt, struct uio *uio, int flag) error = ENOMEM; goto done; } - while ((n = min(ugen_bbsize, uio->uio_resid)) != 0) { + while ((n = szmin(ugen_bbsize, uio->uio_resid)) != 0) { DPRINTFN(1, ("ugenread: start transfer %d bytes\n",n)); tn = n; err = usbd_bulk_transfer( @@ -734,9 +734,9 @@ ugen_do_read(struct ugen_softc *sc, int endpt, struct uio *uio, int flag) while (sce->cur != sce->fill && uio->uio_resid > 0 && !error) { if (sce->fill > sce->cur) - n = min(sce->fill - sce->cur, uio->uio_resid); + n = szmin(sce->fill - sce->cur, uio->uio_resid); else - n = min(sce->limit - sce->cur, uio->uio_resid); + n = szmin(sce->limit- sce->cur, uio->uio_resid); DPRINTFN(5, ("ugenread: isoc got %d chars\n", n)); 
@@ -820,7 +820,7 @@ ugen_do_write(struct ugen_softc *sc, int endpt, struct uio *uio, int flag) error = EIO; goto done; } - while ((n = min(ugen_bbsize, uio->uio_resid)) != 0) { + while ((n = szmin(ugen_bbsize, uio->uio_resid)) != 0) { error = uiomove(buf, n, uio); if (error) break; @@ -845,8 +845,8 @@ ugen_do_write(struct ugen_softc *sc, int endpt, struct uio *uio, int flag) error = EIO; goto done; } - while ((n = min(UGETW(sce->edesc->wMaxPacketSize), - uio->uio_resid)) != 0) { + while ((n = szmin(UGETW(sce->edesc->wMaxPacketSize), + uio->uio_resid)) != 0) { error = uiomove(buf, n, uio); if (error) break; diff --git a/sys/dev/usbmisc/uhid/uhid.c b/sys/dev/usbmisc/uhid/uhid.c index c66b965016..8818eac76a 100644 --- a/sys/dev/usbmisc/uhid/uhid.c +++ b/sys/dev/usbmisc/uhid/uhid.c @@ -461,7 +461,7 @@ uhid_do_read(struct uhid_softc *sc, struct uio *uio, int flag) /* Transfer as many chunks as possible. */ while (sc->sc_q.c_cc > 0 && uio->uio_resid > 0 && !error) { - length = min(sc->sc_q.c_cc, uio->uio_resid); + length = szmin(sc->sc_q.c_cc, uio->uio_resid); if (length > sizeof(buffer)) length = sizeof(buffer); diff --git a/sys/dev/usbmisc/ulpt/ulpt.c b/sys/dev/usbmisc/ulpt/ulpt.c index d3754aa42c..70b5eba524 100644 --- a/sys/dev/usbmisc/ulpt/ulpt.c +++ b/sys/dev/usbmisc/ulpt/ulpt.c @@ -610,7 +610,7 @@ ulpt_do_write(struct ulpt_softc *sc, struct uio *uio, int flags) usbd_free_xfer(xfer); return (ENOMEM); } - while ((n = min(ULPT_BSIZE, uio->uio_resid)) != 0) { + while ((n = szmin(ULPT_BSIZE, uio->uio_resid)) != 0) { ulpt_statusmsg(ulpt_status(sc), sc); error = uiomove(bufp, n, uio); if (error) diff --git a/sys/dev/usbmisc/urio/urio.c b/sys/dev/usbmisc/urio/urio.c index b7a55ceb82..85349bc1ef 100644 --- a/sys/dev/usbmisc/urio/urio.c +++ b/sys/dev/usbmisc/urio/urio.c 
@@ -337,7 +337,7 @@ urioread(struct dev_read_args *ap) #endif if (reqh == 0) return ENOMEM; - while ((n = min(URIO_BBSIZE, uio->uio_resid)) != 0) { + while ((n = szmin(URIO_BBSIZE, uio->uio_resid)) != 0) { DPRINTFN(1, ("urioread: start transfer %d bytes\n", n)); tn = n; #if (USBDI >= 1) @@ -410,7 +410,7 @@ uriowrite(struct dev_write_args *ap) #endif if (reqh == 0) return EIO; - while ((n = min(URIO_BBSIZE, uio->uio_resid)) != 0) { + while ((n = szmin(URIO_BBSIZE, uio->uio_resid)) != 0) { error = uiomove(buf, n, uio); if (error) break; diff --git a/sys/dev/usbmisc/uscanner/uscanner.c b/sys/dev/usbmisc/uscanner/uscanner.c index 37fb997d45..9175a14ae5 100644 --- a/sys/dev/usbmisc/uscanner/uscanner.c +++ b/sys/dev/usbmisc/uscanner/uscanner.c @@ -519,7 +519,7 @@ uscanner_do_read(struct uscanner_softc *sc, struct uio *uio, int flag) if (sc->sc_dying) return (EIO); - while ((n = min(sc->sc_bulkin_bufferlen, uio->uio_resid)) != 0) { + while ((n = szmin(sc->sc_bulkin_bufferlen, uio->uio_resid)) != 0) { DPRINTFN(1, ("uscannerread: start transfer %d bytes\n",n)); tn = n; @@ -575,7 +575,7 @@ uscanner_do_write(struct uscanner_softc *sc, struct uio *uio, int flag) if (sc->sc_dying) return (EIO); - while ((n = min(sc->sc_bulkout_bufferlen, uio->uio_resid)) != 0) { + while ((n = szmin(sc->sc_bulkout_bufferlen, uio->uio_resid)) != 0) { error = uiomove(sc->sc_bulkout_buffer, n, uio); if (error) break; diff --git a/sys/dev/video/ctx/ctx.c b/sys/dev/video/ctx/ctx.c index 6432060080..0d1f9dc565 100644 --- a/sys/dev/video/ctx/ctx.c +++ b/sys/dev/video/ctx/ctx.c @@ -285,7 +285,7 @@ ctxwrite(struct dev_write_args *ap) else page = (u_int)uio->uio_offset / PAGESIZE; offset = (u_int)uio->uio_offset % PAGESIZE; - count = min(uio->uio_resid, PAGESIZE - offset); + count = (int)szmin(uio->uio_resid, PAGESIZE - offset); while ((page >= 0) && (page <= 3) && (count > 0)) { sr->cp0 &= ~3; sr->cp0 |= page; 
@@ -311,7 +311,7 @@ ctxwrite(struct dev_write_args *ap) page = (u_int)uio->uio_offset / PAGESIZE; offset = (u_int)uio->uio_offset % PAGESIZE; - count = min(uio->uio_resid, PAGESIZE - offset); + count = (int)szmin(uio->uio_resid, PAGESIZE - offset); } if (uio->uio_resid > 0) return (ENOSPC); @@ -339,7 +339,7 @@ ctxread(struct dev_read_args *ap) else page = (u_int)uio->uio_offset / PAGESIZE; offset = (u_int)uio->uio_offset % PAGESIZE; - count = min(uio->uio_resid, PAGESIZE - offset); + count = (int)szmin(uio->uio_resid, PAGESIZE - offset); while ((page >= 0) && (page <= 3) && (count > 0)) { sr->cp0 &= ~3; sr->cp0 |= page; @@ -363,7 +363,7 @@ ctxread(struct dev_read_args *ap) page = (u_int)uio->uio_offset / PAGESIZE; offset = (u_int)uio->uio_offset % PAGESIZE; - count = min(uio->uio_resid, PAGESIZE - offset); + count = (int)szmin(uio->uio_resid, PAGESIZE - offset); } if (uio->uio_resid > 0) return (ENOSPC); diff --git a/sys/dev/video/fb/fb.c b/sys/dev/video/fb/fb.c index 729c411ab9..da4099bb78 100644 --- a/sys/dev/video/fb/fb.c +++ b/sys/dev/video/fb/fb.c @@ -485,12 +485,13 @@ int genfbread(genfb_softc_t *sc, video_adapter_t *adp, struct uio *uio, if (uio->uio_offset >= size) break; offset = uio->uio_offset%adp->va_window_size; - len = imin(uio->uio_resid, size - uio->uio_offset); + len = (int)szmin(uio->uio_resid, size - uio->uio_offset); len = imin(len, adp->va_window_size - offset); if (len <= 0) break; (*vidsw[adp->va_index]->set_win_org)(adp, uio->uio_offset); - error = uiomove((caddr_t)(adp->va_window + offset), len, uio); + error = uiomove((caddr_t)(adp->va_window + offset), + (size_t)len, uio); if (error) break; } diff --git a/sys/emulation/43bsd/43bsd_file.c b/sys/emulation/43bsd/43bsd_file.c index 6c2714bbf6..3609f9bf89 100644 --- a/sys/emulation/43bsd/43bsd_file.c +++ b/sys/emulation/43bsd/43bsd_file.c 
@@ -74,7 +74,7 @@ sys_ocreat(struct ocreat_args *uap) error = nlookup_init(&nd, uap->path, UIO_USERSPACE, NLC_FOLLOW); if (error == 0) { error = kern_open(&nd, O_WRONLY | O_CREAT | O_TRUNC, - uap->mode, &uap->sysmsg_result); + uap->mode, &uap->sysmsg_iresult); } return (error); } @@ -184,6 +184,6 @@ sys_ogetdirentries(struct ogetdirentries_args *uap) kfree(destdp, M_TEMP); kfree(buf, M_TEMP); - uap->sysmsg_result = outbuf - uap->buf; + uap->sysmsg_iresult = (int)(outbuf - uap->buf); return (0); } diff --git a/sys/emulation/43bsd/43bsd_hostinfo.c b/sys/emulation/43bsd/43bsd_hostinfo.c index 35e5d40c71..4bfb08c7ea 100644 --- a/sys/emulation/43bsd/43bsd_hostinfo.c +++ b/sys/emulation/43bsd/43bsd_hostinfo.c @@ -317,7 +317,7 @@ sys_ogetkerninfo(struct getkerninfo_args *uap) } if (error) return (error); - uap->sysmsg_result = size; + uap->sysmsg_iresult = (int)size; if (uap->size) error = copyout((caddr_t)&size, (caddr_t)uap->size, sizeof(size)); diff --git a/sys/emulation/43bsd/43bsd_signal.c b/sys/emulation/43bsd/43bsd_signal.c index 865040069b..7743c2240e 100644 --- a/sys/emulation/43bsd/43bsd_signal.c +++ b/sys/emulation/43bsd/43bsd_signal.c @@ -119,7 +119,7 @@ sys_osigblock(struct osigblock_args *uap) OSIG2SIG(uap->mask, set); SIG_CANTMASK(set); crit_enter(); - SIG2OSIG(lp->lwp_sigmask, uap->sysmsg_result); + SIG2OSIG(lp->lwp_sigmask, uap->sysmsg_iresult); SIGSETOR(lp->lwp_sigmask, set); crit_exit(); return (0); @@ -134,7 +134,7 @@ sys_osigsetmask(struct osigsetmask_args *uap) OSIG2SIG(uap->mask, set); SIG_CANTMASK(set); crit_enter(); - SIG2OSIG(lp->lwp_sigmask, uap->sysmsg_result); + SIG2OSIG(lp->lwp_sigmask, uap->sysmsg_iresult); SIGSETLO(lp->lwp_sigmask, set); crit_exit(); return (0); diff --git a/sys/emulation/43bsd/43bsd_socket.c b/sys/emulation/43bsd/43bsd_socket.c index fafc5f7925..282ab727f9 100644 --- a/sys/emulation/43bsd/43bsd_socket.c +++ b/sys/emulation/43bsd/43bsd_socket.c 
@@ -109,7 +109,8 @@ sys_oaccept(struct accept_args *uap) if (error) return (error); - error = kern_accept(uap->s, 0, &sa, &sa_len, &uap->sysmsg_result); + error = kern_accept(uap->s, 0, &sa, &sa_len, + &uap->sysmsg_iresult); if (error) { /* @@ -128,7 +129,7 @@ sys_oaccept(struct accept_args *uap) if (sa) FREE(sa, M_SONAME); } else { - error = kern_accept(uap->s, 0, NULL, 0, &uap->sysmsg_result); + error = kern_accept(uap->s, 0, NULL, 0, &uap->sysmsg_iresult); } return (error); } @@ -196,7 +197,7 @@ sys_osend(struct osend_args *uap) auio.uio_td = td; error = kern_sendmsg(uap->s, NULL, &auio, NULL, uap->flags, - &uap->sysmsg_result); + &uap->sysmsg_szresult); return (error); } @@ -281,7 +282,7 @@ sys_osendmsg(struct osendmsg_args *uap) } error = kern_sendmsg(uap->s, sa, &auio, control, uap->flags, - &uap->sysmsg_result); + &uap->sysmsg_szresult); cleanup: iovec_free(&iov, aiov); @@ -310,7 +311,7 @@ sys_orecv(struct orecv_args *uap) auio.uio_td = td; error = kern_recvmsg(uap->s, NULL, &auio, NULL, &uap->flags, - &uap->sysmsg_result); + &uap->sysmsg_szresult); return (error); } @@ -344,7 +345,7 @@ sys_orecvfrom(struct recvfrom_args *uap) auio.uio_td = td; error = kern_recvmsg(uap->s, uap->from ? &sa : NULL, &auio, NULL, - &uap->flags, &uap->sysmsg_result); + &uap->flags, &uap->sysmsg_szresult); if (error == 0 && uap->from) { if (sa != NULL) { @@ -414,8 +415,9 @@ sys_orecvmsg(struct orecvmsg_args *uap) flags = msg.msg_flags; - error = kern_recvmsg(uap->s, msg.msg_name ? &sa : NULL, &auio, - msg.msg_control ? &control : NULL, &flags, &uap->sysmsg_result); + error = kern_recvmsg(uap->s, (msg.msg_name ? &sa : NULL), &auio, + (msg.msg_control ? &control : NULL), &flags, + &uap->sysmsg_szresult); /* * Copyout msg.msg_name and msg.msg_namelen. diff --git a/sys/emulation/43bsd/43bsd_vm.c b/sys/emulation/43bsd/43bsd_vm.c index c1643084b9..d65566f855 100644 --- a/sys/emulation/43bsd/43bsd_vm.c +++ b/sys/emulation/43bsd/43bsd_vm.c 
@@ -60,7 +60,7 @@ sys_ovadvise(struct ovadvise_args *uap) int sys_ogetpagesize(struct getpagesize_args *uap) { - uap->sysmsg_result = PAGE_SIZE; + uap->sysmsg_iresult = PAGE_SIZE; return (0); } diff --git a/sys/emulation/dragonfly12/dfbsd12_getdirentries.c b/sys/emulation/dragonfly12/dfbsd12_getdirentries.c index 168982ea34..f65dc1ebc6 100644 --- a/sys/emulation/dragonfly12/dfbsd12_getdirentries.c +++ b/sys/emulation/dragonfly12/dfbsd12_getdirentries.c @@ -119,8 +119,8 @@ sys_dfbsd12_getdirentries(struct dfbsd12_getdirentries_args *uap) long base; int error; - error = common_getdirentries(&base, &uap->sysmsg_result, uap->fd, - uap->buf, uap->count); + error = common_getdirentries(&base, &uap->sysmsg_iresult, uap->fd, + uap->buf, uap->count); if (error == 0) error = copyout(&base, uap->basep, sizeof(*uap->basep)); @@ -130,6 +130,6 @@ sys_dfbsd12_getdirentries(struct dfbsd12_getdirentries_args *uap) int sys_dfbsd12_getdents(struct dfbsd12_getdents_args *uap) { - return(common_getdirentries(NULL, &uap->sysmsg_result, uap->fd, - uap->buf, uap->count)); + return(common_getdirentries(NULL, &uap->sysmsg_iresult, uap->fd, + uap->buf, uap->count)); } diff --git a/sys/emulation/linux/i386/linprocfs/linprocfs_misc.c b/sys/emulation/linux/i386/linprocfs/linprocfs_misc.c index 7b41dcdc2a..34b3c94b20 100644 --- a/sys/emulation/linux/i386/linprocfs/linprocfs_misc.c +++ b/sys/emulation/linux/i386/linprocfs/linprocfs_misc.c @@ -306,7 +306,7 @@ linprocfs_doversion(struct proc *curp, struct proc *p, struct pfsnode *pfs, struct uio *uio) { char *ps; - int xlen; + size_t xlen; ps = version; /* XXX not entirely correct */ for (xlen = 0; ps[xlen] != '\n'; ++xlen) diff --git a/sys/emulation/linux/i386/linux_machdep.c b/sys/emulation/linux/i386/linux_machdep.c index 279ecea7aa..9cfd19a4ba 100644 --- a/sys/emulation/linux/i386/linux_machdep.c +++ b/sys/emulation/linux/i386/linux_machdep.c 
@@ -321,14 +321,14 @@ sys_linux_old_select(struct linux_old_select_args *args) if (error) return (error); - newsel.sysmsg_result = 0; + newsel.sysmsg_iresult = 0; newsel.nfds = linux_args.nfds; newsel.readfds = linux_args.readfds; newsel.writefds = linux_args.writefds; newsel.exceptfds = linux_args.exceptfds; newsel.timeout = linux_args.timeout; error = sys_linux_select(&newsel); - args->sysmsg_result = newsel.sysmsg_result; + args->sysmsg_iresult = newsel.sysmsg_iresult; return(error); } @@ -345,8 +345,8 @@ sys_linux_fork(struct linux_fork_args *args) if ((error = sys_fork((struct fork_args *)args)) != 0) return (error); - if (args->sysmsg_result == 1) - args->sysmsg_result = 0; + if (args->sysmsg_iresult == 1) + args->sysmsg_iresult = 0; return (0); } @@ -356,10 +356,10 @@ sys_linux_exit_group(struct linux_exit_group_args *args) struct exit_args newargs; int error; - newargs.sysmsg_result = 0; + newargs.sysmsg_iresult = 0; newargs.rval = args->rval; error = sys_exit(&newargs); - args->sysmsg_result = newargs.sysmsg_result; + args->sysmsg_iresult = newargs.sysmsg_iresult; return (error); } @@ -376,8 +376,8 @@ sys_linux_vfork(struct linux_vfork_args *args) if ((error = sys_vfork((struct vfork_args *)args)) != 0) return (error); /* Are we the child? */ - if (args->sysmsg_result == 1) - args->sysmsg_result = 0; + if (args->sysmsg_iresult == 1) + args->sysmsg_iresult = 0; return (0); } @@ -429,12 +429,12 @@ sys_linux_clone(struct linux_clone_args *args) start = 0; rf_args.flags = ff; - rf_args.sysmsg_result = 0; + rf_args.sysmsg_iresult = 0; if ((error = sys_rfork(&rf_args)) != 0) return (error); - args->sysmsg_result = rf_args.sysmsg_result; + args->sysmsg_iresult = rf_args.sysmsg_iresult; - p2 = pfind(rf_args.sysmsg_result); + p2 = pfind(rf_args.sysmsg_iresult); if (p2 == NULL) return (ESRCH); 
@@ -712,10 +712,10 @@ sys_linux_modify_ldt(struct linux_modify_ldt_args *uap) ldt->num = uap->bytecount / sizeof(union descriptor); args.op = I386_GET_LDT; args.parms = (char*)ldt; - args.sysmsg_result = 0; + args.sysmsg_iresult = 0; error = sys_sysarch(&args); - uap->sysmsg_result = args.sysmsg_result * - sizeof(union descriptor); + uap->sysmsg_iresult = args.sysmsg_iresult * + sizeof(union descriptor); break; case 0x01: /* write_ldt */ case 0x11: /* write_ldt */ @@ -744,9 +744,9 @@ sys_linux_modify_ldt(struct linux_modify_ldt_args *uap) desc->sd.sd_gran = ld.limit_in_pages; args.op = I386_SET_LDT; args.parms = (char*)ldt; - args.sysmsg_result = 0; + args.sysmsg_iresult = 0; error = sys_sysarch(&args); - uap->sysmsg_result = args.sysmsg_result; + uap->sysmsg_iresult = args.sysmsg_iresult; break; default: error = EINVAL; diff --git a/sys/emulation/linux/i386/linux_ptrace.c b/sys/emulation/linux/i386/linux_ptrace.c index 97844feaba..b6c3cc0d8d 100644 --- a/sys/emulation/linux/i386/linux_ptrace.c +++ b/sys/emulation/linux/i386/linux_ptrace.c @@ -277,7 +277,7 @@ sys_linux_ptrace(struct linux_ptrace_args *uap) case PTRACE_POKEDATA: case PTRACE_KILL: error = kern_ptrace(curp, req, pid, addr, uap->data, - &uap->sysmsg_result); + &uap->sysmsg_iresult); break; case PTRACE_PEEKTEXT: case PTRACE_PEEKDATA: { 
@@ -291,25 +291,26 @@ sys_linux_ptrace(struct linux_ptrace_args *uap) } case PTRACE_DETACH: error = kern_ptrace(curp, PT_DETACH, pid, (void *)1, - map_signum(uap->data), &uap->sysmsg_result); + map_signum(uap->data), + &uap->sysmsg_iresult); break; case PTRACE_SINGLESTEP: case PTRACE_CONT: error = kern_ptrace(curp, req, pid, (void *)1, - map_signum(uap->data), &uap->sysmsg_result); + map_signum(uap->data), + &uap->sysmsg_iresult); break; case PTRACE_ATTACH: error = kern_ptrace(curp, PT_ATTACH, pid, addr, uap->data, - &uap->sysmsg_result); + &uap->sysmsg_iresult); break; case PTRACE_GETREGS: /* Linux is using data where FreeBSD is using addr */ error = kern_ptrace(curp, PT_GETREGS, pid, &u.bsd_reg, 0, - &uap->sysmsg_result); + &uap->sysmsg_iresult); if (error == 0) { map_regs_to_linux(&u.bsd_reg, &r.reg); - error = copyout(&r.reg, (caddr_t)uap->data, - sizeof(r.reg)); + error = copyout(&r.reg, uap->data, sizeof(r.reg)); } break; case PTRACE_SETREGS: @@ -317,13 +318,14 @@ sys_linux_ptrace(struct linux_ptrace_args *uap) error = copyin((caddr_t)uap->data, &r.reg, sizeof(r.reg)); if (error == 0) { map_regs_from_linux(&u.bsd_reg, &r.reg); - error = kern_ptrace(curp, PT_SETREGS, pid, &u.bsd_reg, 0, &uap->sysmsg_result); + error = kern_ptrace(curp, PT_SETREGS, pid, &u.bsd_reg, + 0, &uap->sysmsg_iresult); } break; case PTRACE_GETFPREGS: /* Linux is using data where FreeBSD is using addr */ - error = kern_ptrace(curp, PT_GETFPREGS, pid, &u.bsd_fpreg, 0, - &uap->sysmsg_result); + error = kern_ptrace(curp, PT_GETFPREGS, pid, &u.bsd_fpreg, + 0, &uap->sysmsg_iresult); if (error == 0) { map_fpregs_to_linux(&u.bsd_fpreg, &r.fpreg); error = copyout(&r.fpreg, (caddr_t)uap->data, @@ -336,7 +338,8 @@ sys_linux_ptrace(struct linux_ptrace_args *uap) if (error == 0) { map_fpregs_from_linux(&u.bsd_fpreg, &r.fpreg); error = kern_ptrace(curp, PT_SETFPREGS, pid, - &u.bsd_fpreg, 0, &uap->sysmsg_result); + &u.bsd_fpreg, + 0, &uap->sysmsg_iresult); } break; case PTRACE_SETFPXREGS: 
@@ -434,7 +437,8 @@ sys_linux_ptrace(struct linux_ptrace_args *uap) * as necessary. */ if (uap->addr < sizeof(struct linux_pt_reg)) { - error = kern_ptrace(curp, PT_GETREGS, pid, &u.bsd_reg, 0, &uap->sysmsg_result); + error = kern_ptrace(curp, PT_GETREGS, pid, &u.bsd_reg, + 0, &uap->sysmsg_iresult); if (error != 0) break; @@ -449,7 +453,8 @@ sys_linux_ptrace(struct linux_ptrace_args *uap) (l_int)uap->data; map_regs_from_linux(&u.bsd_reg, &r.reg); - error = kern_ptrace(curp, PT_SETREGS, pid, &u.bsd_reg, 0, &uap->sysmsg_result); + error = kern_ptrace(curp, PT_SETREGS, pid, &u.bsd_reg, + 0, &uap->sysmsg_iresult); } /* @@ -458,7 +463,8 @@ sys_linux_ptrace(struct linux_ptrace_args *uap) if (uap->addr >= LINUX_DBREG_OFFSET && uap->addr <= LINUX_DBREG_OFFSET + LINUX_DBREG_SIZE) { error = kern_ptrace(curp, PT_GETDBREGS, pid, - &u.bsd_dbreg, 0, &uap->sysmsg_result); + &u.bsd_dbreg, + 0, &uap->sysmsg_iresult); if (error != 0) break; @@ -473,7 +479,8 @@ sys_linux_ptrace(struct linux_ptrace_args *uap) *(l_int *)((char *)&u.bsd_dbreg + uap->addr) = uap->data; error = kern_ptrace(curp, PT_SETDBREGS, pid, - &u.bsd_dbreg, 0, &uap->sysmsg_result); + &u.bsd_dbreg, + 0, &uap->sysmsg_iresult); } break; diff --git a/sys/emulation/linux/linux_file.c b/sys/emulation/linux/linux_file.c index 341aa77231..f2a78a2ea0 100644 --- a/sys/emulation/linux/linux_file.c +++ b/sys/emulation/linux/linux_file.c @@ -75,7 +75,7 @@ sys_linux_creat(struct linux_creat_args *args) error = nlookup_init(&nd, path, UIO_SYSSPACE, NLC_FOLLOW); if (error == 0) { error = kern_open(&nd, O_WRONLY | O_CREAT | O_TRUNC, - args->mode, &args->sysmsg_result); + args->mode, &args->sysmsg_iresult); } linux_free_path(&path); return(error); 
@@ -135,14 +135,14 @@ sys_linux_open(struct linux_open_args *args) error = nlookup_init(&nd, path, UIO_SYSSPACE, NLC_FOLLOW); if (error == 0) { error = kern_open(&nd, flags, - args->mode, &args->sysmsg_result); + args->mode, &args->sysmsg_iresult); } if (error == 0 && !(flags & O_NOCTTY) && SESS_LEADER(p) && !(p->p_flag & P_CONTROLT)) { struct file *fp; - fp = holdfp(p->p_fd, args->sysmsg_result, -1); + fp = holdfp(p->p_fd, args->sysmsg_iresult, -1); if (fp) { if (fp->f_type == DTYPE_VNODE) fo_ioctl(fp, TIOCSCTTY, NULL, p->p_ucred); @@ -202,9 +202,9 @@ sys_linux_readdir(struct linux_readdir_args *args) lda.fd = args->fd; lda.dent = args->dent; lda.count = -1; - lda.sysmsg_result = 0; + lda.sysmsg_iresult = 0; error = sys_linux_getdents(&lda); - args->sysmsg_result = lda.sysmsg_result; + args->sysmsg_iresult = lda.sysmsg_iresult; return(error); } @@ -245,9 +245,11 @@ getdents_common(struct linux_getdents64_args *args, int is64bit) struct dirent *bdp; struct vnode *vp; caddr_t inp, buf; /* BSD-format */ - int len, reclen; /* BSD-format */ + int reclen; /* BSD-format */ + size_t len; caddr_t outp; /* Linux-format */ - int resid, linuxreclen=0; /* Linux-format */ + int linuxreclen = 0; /* Linux-format */ + size_t resid; struct file *fp; struct uio auio; struct iovec aiov; @@ -255,7 +257,8 @@ getdents_common(struct linux_getdents64_args *args, int is64bit) off_t off; struct l_dirent linux_dirent; struct l_dirent64 linux_dirent64; - int buflen, error, eofflag, nbytes, justone; + int error, eofflag, justone; + size_t buflen, nbytes; off_t *cookies = NULL, *cookiep; int ncookies; @@ -279,7 +282,7 @@ getdents_common(struct linux_getdents64_args *args, int is64bit) goto done; nbytes = args->count; - if (nbytes == -1) { + if (nbytes == (size_t)-1) { /* readdir(2) case. Always struct dirent. */ if (is64bit) { error = EINVAL; 
@@ -290,7 +293,7 @@ getdents_common(struct linux_getdents64_args *args, int is64bit) } else { justone = 0; } - if (nbytes < 0) + if ((size_t)nbytes < 0) nbytes = 0; off = fp->f_offset; @@ -324,9 +327,9 @@ again: inp = buf; outp = (caddr_t)args->dirent; resid = nbytes; - if ((len = buflen - auio.uio_resid) <= 0) + if (auio.uio_resid >= buflen); goto eof; - + len = buflen - auio.uio_resid; cookiep = cookies; if (cookies) { @@ -437,7 +440,7 @@ again: nbytes = resid + linuxreclen; eof: - args->sysmsg_result = nbytes - resid; + args->sysmsg_iresult = (int)(nbytes - resid); out: if (cookies) @@ -689,7 +692,7 @@ sys_linux_readlink(struct linux_readlink_args *args) error = nlookup_init(&nd, path, UIO_SYSSPACE, 0); if (error == 0) { error = kern_readlink(&nd, args->buf, args->count, - &args->sysmsg_result); + &args->sysmsg_iresult); } nlookup_done(&nd); linux_free_path(&path); @@ -811,10 +814,10 @@ sys_linux_fdatasync(struct linux_fdatasync_args *uap) int error; bsd.fd = uap->fd; - bsd.sysmsg_result = 0; + bsd.sysmsg_iresult = 0; error = sys_fsync(&bsd); - uap->sysmsg_result = bsd.sysmsg_result; + uap->sysmsg_iresult = bsd.sysmsg_iresult; return(error); } @@ -836,10 +839,12 @@ sys_linux_pread(struct linux_pread_args *uap) auio.uio_segflg = UIO_USERSPACE; auio.uio_td = td; - if (auio.uio_resid < 0) + if ((ssize_t)auio.uio_resid < 0) { error = EINVAL; - else - error = kern_preadv(uap->fd, &auio, O_FOFFSET, &uap->sysmsg_result); + } else { + error = kern_preadv(uap->fd, &auio, O_FOFFSET, + &uap->sysmsg_szresult); + } return(error); } @@ -861,11 +866,12 @@ sys_linux_pwrite(struct linux_pwrite_args *uap) auio.uio_segflg = UIO_USERSPACE; auio.uio_td = td; - if (auio.uio_resid < 0) + if ((ssize_t)auio.uio_resid < 0) { error = EINVAL; - else - error = kern_pwritev(uap->fd, &auio, O_FOFFSET, &uap->sysmsg_result); - + } else { + error = kern_pwritev(uap->fd, &auio, O_FOFFSET, + &uap->sysmsg_szresult); + } return(error); } 
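Review bot: In getdents_common the new test `if ((size_t)nbytes < 0)` can never be true, because nbytes is now declared size_t, so the clamp that used to turn a negative count into 0 is dead code. A count that arrives negative from the caller (other than the -1 readdir case handled just above) is now carried forward as a very large unsigned length; what the later buffer sizing does with it is outside this hunk. Keeping a signed test preserves the old behaviour: `if ((ssize_t)nbytes < 0) nbytes = 0;`.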
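Review bot: The added line `if (auio.uio_resid >= buflen); goto eof;` has a stray semicolon after the condition, so the `goto eof` is unconditional and the `len = buflen - auio.uio_resid;` assignment below it is never reached. Since `resid = nbytes` is set immediately before, the `eof:` path in the next hunk stores `(int)(nbytes - resid)`, which is 0, so every call would report an empty directory regardless of what was read. The line should read `if (auio.uio_resid >= buflen) goto eof;`. The body of getdents_common extends beyond this hunk on both sides.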
@@ -877,9 +883,9 @@ sys_linux_oldumount(struct linux_oldumount_args *args) args2.path = args->path; args2.flags = 0; - args2.sysmsg_result = 0; + args2.sysmsg_iresult = 0; error = sys_linux_umount(&args2); - args->sysmsg_result = args2.sysmsg_result; + args->sysmsg_iresult = args2.sysmsg_iresult; return(error); } @@ -891,10 +897,10 @@ sys_linux_umount(struct linux_umount_args *args) bsd.path = args->path; bsd.flags = args->flags; /* XXX correct? */ - bsd.sysmsg_result = 0; + bsd.sysmsg_iresult = 0; error = sys_unmount(&bsd); - args->sysmsg_result = bsd.sysmsg_result; + args->sysmsg_iresult = bsd.sysmsg_iresult; return(error); } @@ -1081,29 +1087,29 @@ linux_fcntl_common(struct linux_fcntl64_args *args) if (error == 0) { switch (args->cmd) { case LINUX_F_DUPFD: - args->sysmsg_result = dat.fc_fd; + args->sysmsg_iresult = dat.fc_fd; break; case LINUX_F_GETFD: - args->sysmsg_result = dat.fc_cloexec; + args->sysmsg_iresult = dat.fc_cloexec; break; case LINUX_F_SETFD: break; case LINUX_F_GETFL: - args->sysmsg_result = 0; + args->sysmsg_iresult = 0; if (dat.fc_flags & O_RDONLY) - args->sysmsg_result |= LINUX_O_RDONLY; + args->sysmsg_iresult |= LINUX_O_RDONLY; if (dat.fc_flags & O_WRONLY) - args->sysmsg_result |= LINUX_O_WRONLY; + args->sysmsg_iresult |= LINUX_O_WRONLY; if (dat.fc_flags & O_RDWR) - args->sysmsg_result |= LINUX_O_RDWR; + args->sysmsg_iresult |= LINUX_O_RDWR; if (dat.fc_flags & O_NDELAY) - args->sysmsg_result |= LINUX_O_NONBLOCK; + args->sysmsg_iresult |= LINUX_O_NONBLOCK; if (dat.fc_flags & O_APPEND) - args->sysmsg_result |= LINUX_O_APPEND; + args->sysmsg_iresult |= LINUX_O_APPEND; if (dat.fc_flags & O_FSYNC) - args->sysmsg_result |= LINUX_O_SYNC; + args->sysmsg_iresult |= LINUX_O_SYNC; if (dat.fc_flags & O_ASYNC) - args->sysmsg_result |= LINUX_FASYNC; + args->sysmsg_iresult |= LINUX_FASYNC; break; case LINUX_F_GETLK: bsd_to_linux_flock(&dat.fc_flock, &linux_flock); 
@@ -1114,7 +1120,7 @@ linux_fcntl_common(struct linux_fcntl64_args *args) case LINUX_F_SETLKW: break; case LINUX_F_GETOWN: - args->sysmsg_result = dat.fc_owner; + args->sysmsg_iresult = dat.fc_owner; break; case LINUX_F_SETOWN: break; @@ -1138,9 +1144,9 @@ sys_linux_fcntl(struct linux_fcntl_args *args) args64.fd = args->fd; args64.cmd = args->cmd; args64.arg = args->arg; - args64.sysmsg_result = 0; + args64.sysmsg_iresult = 0; error = linux_fcntl_common(&args64); - args->sysmsg_result = args64.sysmsg_result; + args->sysmsg_iresult = args64.sysmsg_iresult; return(error); } diff --git a/sys/emulation/linux/linux_socket.c b/sys/emulation/linux/linux_socket.c index d7749eb632..6ebc142a6b 100644 --- a/sys/emulation/linux/linux_socket.c +++ b/sys/emulation/linux/linux_socket.c @@ -566,7 +566,7 @@ struct linux_send_args { }; static int -linux_send(struct linux_send_args *args, int *res) +linux_send(struct linux_send_args *args, size_t *res) { struct linux_send_args linux_args; struct thread *td = curthread; @@ -589,7 +589,7 @@ linux_send(struct linux_send_args *args, int *res) auio.uio_td = td; error = kern_sendmsg(linux_args.s, NULL, &auio, NULL, - linux_args.flags, res); + linux_args.flags, res); return(error); } @@ -602,7 +602,7 @@ struct linux_recv_args { }; static int -linux_recv(struct linux_recv_args *args, int *res) +linux_recv(struct linux_recv_args *args, size_t *res) { struct linux_recv_args linux_args; struct thread *td = curthread; @@ -625,7 +625,7 @@ linux_recv(struct linux_recv_args *args, int *res) auio.uio_td = td; error = kern_recvmsg(linux_args.s, NULL, &auio, NULL, - &linux_args.flags, res); + &linux_args.flags, res); return(error); } @@ -640,7 +640,7 @@ struct linux_sendto_args { }; static int -linux_sendto(struct linux_sendto_args *args, int *res) +linux_sendto(struct linux_sendto_args *args, size_t *res) { struct linux_sendto_args linux_args; struct thread *td = curthread; 
@@ -722,8 +722,8 @@ linux_sendto(struct linux_sendto_args *args, int *res) auio.uio_td = td; } - error = kern_sendmsg(linux_args.s, sa, &auio, NULL, linux_args.flags, - res); + error = kern_sendmsg(linux_args.s, sa, &auio, NULL, + linux_args.flags, res); cleanup: if (sa) @@ -743,7 +743,7 @@ struct linux_recvfrom_args { }; static int -linux_recvfrom(struct linux_recvfrom_args *args, int *res) +linux_recvfrom(struct linux_recvfrom_args *args, size_t *res) { struct linux_recvfrom_args linux_args; struct thread *td = curthread; @@ -778,7 +778,7 @@ linux_recvfrom(struct linux_recvfrom_args *args, int *res) flags = linux_to_bsd_msg_flags(linux_args.flags); error = kern_recvmsg(linux_args.s, linux_args.from ? &sa : NULL, &auio, - NULL, &flags, res); + NULL, &flags, res); if (error == 0 && linux_args.from) { if (sa != NULL) { @@ -804,7 +804,7 @@ struct linux_sendmsg_args { }; static int -linux_sendmsg(struct linux_sendmsg_args *args, int *res) +linux_sendmsg(struct linux_sendmsg_args *args, size_t *res) { struct linux_sendmsg_args linux_args; struct thread *td = curthread; @@ -883,7 +883,7 @@ linux_sendmsg(struct linux_sendmsg_args *args, int *res) } error = kern_sendmsg(linux_args.s, sa, &auio, control, - linux_args.flags, res); + linux_args.flags, res); cleanup: iovec_free(&iov, aiov); @@ -900,7 +900,7 @@ struct linux_recvmsg_args { }; static int -linux_recvmsg(struct linux_recvmsg_args *args, int *res) +linux_recvmsg(struct linux_recvmsg_args *args, size_t *res) { struct linux_recvmsg_args linux_args; struct thread *td = curthread; @@ -950,7 +950,7 @@ linux_recvmsg(struct linux_recvmsg_args *args, int *res) flags = linux_to_bsd_msg_flags(linux_args.flags); error = kern_recvmsg(linux_args.s, msg.msg_name ? &sa : NULL, &auio, - msg.msg_control ? &control : NULL, &flags, res); + msg.msg_control ? &control : NULL, &flags, res); /* * Copyout msg.msg_name and msg.msg_namelen. 
@@ -1213,13 +1213,13 @@ sys_linux_socketcall(struct linux_socketcall_args *args) case LINUX_SOCKETPAIR: return (linux_socketpair(arg, &args->sysmsg_result)); case LINUX_SEND: - return (linux_send(arg, &args->sysmsg_result)); + return (linux_send(arg, &args->sysmsg_szresult)); case LINUX_RECV: - return (linux_recv(arg, &args->sysmsg_result)); + return (linux_recv(arg, &args->sysmsg_szresult)); case LINUX_SENDTO: - return (linux_sendto(arg, &args->sysmsg_result)); + return (linux_sendto(arg, &args->sysmsg_szresult)); case LINUX_RECVFROM: - return (linux_recvfrom(arg, &args->sysmsg_result)); + return (linux_recvfrom(arg, &args->sysmsg_szresult)); case LINUX_SHUTDOWN: return (linux_shutdown(arg, &args->sysmsg_result)); case LINUX_SETSOCKOPT: @@ -1227,9 +1227,9 @@ sys_linux_socketcall(struct linux_socketcall_args *args) case LINUX_GETSOCKOPT: return (linux_getsockopt(arg, &args->sysmsg_result)); case LINUX_SENDMSG: - return (linux_sendmsg(arg, &args->sysmsg_result)); + return (linux_sendmsg(arg, &args->sysmsg_szresult)); case LINUX_RECVMSG: - return (linux_recvmsg(arg, &args->sysmsg_result)); + return (linux_recvmsg(arg, &args->sysmsg_szresult)); } uprintf("LINUX: 'socket' typ=%d not implemented\n", args->what); diff --git a/sys/kern/kern_fp.c b/sys/kern/kern_fp.c index 564c6e64dc..470eed1bb5 100644 --- a/sys/kern/kern_fp.c +++ b/sys/kern/kern_fp.c @@ -215,7 +215,7 @@ fp_pread(file_t fp, void *buf, size_t nbytes, off_t offset, ssize_t *res, if (res) *res = 0; - if (nbytes > INT_MAX) + if (nbytes > LONG_MAX) return (EINVAL); bzero(&auio, sizeof(auio)); aiov.iov_base = (caddr_t)buf; @@ -254,7 +254,7 @@ fp_read(file_t fp, void *buf, size_t nbytes, ssize_t *res, int all, if (res) *res = 0; - if (nbytes > INT_MAX) + if (nbytes > LONG_MAX) return (EINVAL); bzero(&auio, sizeof(auio)); aiov.iov_base = (caddr_t)buf; 
@@ -312,7 +312,7 @@ fp_pwrite(file_t fp, void *buf, size_t nbytes, off_t offset, ssize_t *res, if (res) *res = 0; - if (nbytes > INT_MAX) + if (nbytes > LONG_MAX) return (EINVAL); bzero(&auio, sizeof(auio)); aiov.iov_base = (caddr_t)buf; @@ -351,7 +351,7 @@ fp_write(file_t fp, void *buf, size_t nbytes, ssize_t *res, enum uio_seg seg) if (res) *res = 0; - if (nbytes > INT_MAX) + if (nbytes > LONG_MAX) return (EINVAL); bzero(&auio, sizeof(auio)); aiov.iov_base = (caddr_t)buf; diff --git a/sys/kern/kern_subr.c b/sys/kern/kern_subr.c index 87c68f4bbf..e07f91e029 100644 --- a/sys/kern/kern_subr.c +++ b/sys/kern/kern_subr.c @@ -68,12 +68,17 @@ SYSCTL_INT(_kern, KERN_IOV_MAX, iov_max, CTLFLAG_RD, NULL, UIO_MAXIOV, * UIO_WRITE: copy the user or kernelspace UIO to the kernelspace cp * * For userspace UIO's, uio_td must be the current thread. + * + * The syscall interface is responsible for limiting the length to + * ssize_t for things like read() or write() which return the bytes + * read or written as ssize_t. These functions work with unsigned + * lengths. */ int -uiomove(caddr_t cp, int n, struct uio *uio) +uiomove(caddr_t cp, size_t n, struct uio *uio) { struct iovec *iov; - u_int cnt; + size_t cnt; int error = 0; int save = 0; int baseticks = ticks; 
@@ -136,84 +141,19 @@ uiomove(caddr_t cp, int n, struct uio *uio) } /* * Wrapper for uiomove() that validates the arguments against a known-good - * kernel buffer.  Currently, uiomove accepts a signed (n) argument, which - * is almost definitely a bad thing, so we catch that here as well.  We - * return a runtime failure, but it might be desirable to generate a runtime - * assertion failure instead. + * kernel buffer. */ int -uiomove_frombuf(void *buf, int buflen, struct uio *uio) +uiomove_frombuf(void *buf, size_t buflen, struct uio *uio) { - unsigned int offset, n; + size_t offset; - if (uio->uio_offset < 0 || uio->uio_resid < 0 || - (offset = uio->uio_offset) != uio->uio_offset) + offset = (size_t)uio->uio_offset; + if ((off_t)offset != uio->uio_offset) return (EINVAL); - if (buflen <= 0 || offset >= buflen) + if (buflen == 0 || offset >= buflen) return (0); - if ((n = buflen - offset) > INT_MAX) - return (EINVAL); - return (uiomove((char *)buf + offset, n, uio)); -} - - -int -uiomoveco(caddr_t cp, int n, struct uio *uio, struct vm_object *obj) -{ - struct iovec *iov; - u_int cnt; - int error; - int baseticks = ticks; - - KASSERT(uio->uio_rw == UIO_READ || uio->uio_rw == UIO_WRITE, - ("uiomoveco: mode")); - KASSERT(uio->uio_segflg != UIO_USERSPACE || uio->uio_td == curthread, - ("uiomoveco proc")); - - while (n > 0 && uio->uio_resid) { - iov = uio->uio_iov; - cnt = iov->iov_len; - if (cnt == 0) { - uio->uio_iov++; - uio->uio_iovcnt--; - continue; - } - if (cnt > n) - cnt = n; - - switch (uio->uio_segflg) { - - case UIO_USERSPACE: - if (ticks - baseticks >= hogticks) { - uio_yield(); - baseticks = ticks; - } - if (uio->uio_rw == UIO_READ) { - error = copyout(cp, iov->iov_base, cnt); - } else { - error = copyin(iov->iov_base, cp, cnt); - } - if (error) - return (error); - break; - - case UIO_SYSSPACE: - if (uio->uio_rw == UIO_READ) - bcopy((caddr_t)cp, iov->iov_base, cnt); - else - bcopy(iov->iov_base, (caddr_t)cp, cnt); - break; - case UIO_NOCOPY: - break; - } - 
iov->iov_base = (char *)iov->iov_base + cnt; - iov->iov_len -= cnt; - uio->uio_resid -= cnt; - uio->uio_offset += cnt; - cp += cnt; - n -= cnt; - } - return (0); + return (uiomove((char *)buf + offset, buflen - offset, uio)); } /* @@ -320,10 +260,11 @@ phashinit(int elements, struct malloc_type *type, u_long *nentries) */ int iovec_copyin(struct iovec *uiov, struct iovec **kiov, struct iovec *siov, - size_t iov_cnt, int *iov_len) + size_t iov_cnt, size_t *iov_len) { struct iovec *iovp; int error, i; + size_t len; if (iov_cnt > UIO_MAXIOV) return EMSGSIZE; @@ -341,12 +282,26 @@ iovec_copyin(struct iovec *uiov, struct iovec **kiov, struct iovec *siov, * Check for both *iov_len overflows and out of * range iovp->iov_len's. We limit to the * capabilities of signed integers. + * + * GCC4 - overflow check opt requires assign/test. */ - if (*iov_len + (int)iovp->iov_len < *iov_len) + len = *iov_len + iovp->iov_len; + if (len < *iov_len) error = EINVAL; - *iov_len += (int)iovp->iov_len; + *iov_len = len; } } + + /* + * From userland disallow iovec's which exceed the sized size + * limit as the system calls return ssize_t. + * + * NOTE: Internal kernel interfaces can handle the unsigned + * limit. + */ + if (error == 0 && (ssize_t)*iov_len < 0) + error = EINVAL; + if (error) iovec_free(kiov, siov); return (error); @@ -396,7 +351,7 @@ iovec_copyin(struct iovec *uiov, struct iovec **kiov, struct iovec *siov, * the creation and destruction of ephemeral mappings. */ int -uiomove_fromphys(vm_page_t *ma, vm_offset_t offset, int n, struct uio *uio) +uiomove_fromphys(vm_page_t *ma, vm_offset_t offset, size_t n, struct uio *uio) { struct sf_buf *sf; struct thread *td = curthread; diff --git a/sys/kern/kern_xio.c b/sys/kern/kern_xio.c index 2024627e13..beac0b6c00 100644 --- a/sys/kern/kern_xio.c +++ b/sys/kern/kern_xio.c 
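Review bot: uiomove_frombuf no longer rejects a negative uio_offset where size_t is as wide as off_t: the round trip `(off_t)offset != uio->uio_offset` only detects truncation, so a negative offset survives the cast, becomes a very large offset, and falls into the `offset >= buflen` branch that returns 0. That is still memory-safe, but callers that used to get EINVAL now see a silent end-of-buffer. Keeping the sign test makes the contract explicit: `if (uio->uio_offset < 0 || (off_t)offset != uio->uio_offset) return (EINVAL);`.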
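Review bot: The comments in iovec_copyin no longer match the checks they sit next to. The in-loop comment still says "We limit to the capabilities of signed integers", but the loop now only detects unsigned wraparound of `*iov_len`; the signed limit is enforced by the new test after the loop, whose comment reads "sized size limit" where "signed size limit" is presumably meant. I would reword the first to `Check for *iov_len wrapping around; the ssize_t limit is enforced after the loop.` and fix the typo in the second. The loop around the overflow test starts outside the hunk.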
@@ -266,10 +266,10 @@ xio_release(xio_t xio) * UIO_WRITE uio -> xio */ int -xio_uio_copy(xio_t xio, int uoffset, struct uio *uio, int *sizep) +xio_uio_copy(xio_t xio, int uoffset, struct uio *uio, size_t *sizep) { + size_t bytes; int error; - int bytes; bytes = xio->xio_bytes - uoffset; if (bytes > uio->uio_resid) diff --git a/sys/kern/subr_log.c b/sys/kern/subr_log.c index e2ea11919b..4e68248212 100644 --- a/sys/kern/subr_log.c +++ b/sys/kern/subr_log.c @@ -146,11 +146,11 @@ logread(struct dev_read_args *ap) l = mbp->msg_bufx - mbp->msg_bufr; if (l < 0) l = mbp->msg_size - mbp->msg_bufr; - l = min(l, uio->uio_resid); + l = (long)szmin(l, uio->uio_resid); if (l == 0) break; error = uiomove((caddr_t)msgbufp->msg_ptr + mbp->msg_bufr, - (int)l, uio); + (size_t)l, uio); if (error) break; mbp->msg_bufr += l; diff --git a/sys/kern/subr_prf.c b/sys/kern/subr_prf.c index d403a3980a..4fa279410f 100644 --- a/sys/kern/subr_prf.c +++ b/sys/kern/subr_prf.c @@ -262,8 +262,8 @@ log_console(struct uio *uio) nl = 0; while (uio->uio_resid > 0) { - c = imin(uio->uio_resid, CONSCHUNK); - error = uiomove(consbuffer, c, uio); + c = (int)szmin(uio->uio_resid, CONSCHUNK); + error = uiomove(consbuffer, (size_t)c, uio); if (error != 0) break; for (i = 0; i < c; i++) { diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c index af8b68719b..34e9e2dd2f 100644 --- a/sys/kern/sys_generic.c +++ b/sys/kern/sys_generic.c @@ -82,8 +82,8 @@ static int doselect(int nd, fd_set *in, fd_set *ou, fd_set *ex, static int pollscan (struct proc *, struct pollfd *, u_int, int *); static int selscan (struct proc *, fd_mask **, fd_mask **, int, int *); -static int dofileread(int, struct file *, struct uio *, int, int *); -static int dofilewrite(int, struct file *, struct uio *, int, int *); +static int dofileread(int, struct file *, struct uio *, int, size_t *); +static int dofilewrite(int, struct file *, struct uio *, int, size_t *); /* * Read system call. 
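Review bot: In xio_uio_copy `bytes` is now size_t while `uoffset` stays int, so `bytes = xio->xio_bytes - uoffset;` turns an out-of-range uoffset into a very large unsigned count instead of a negative one (assuming xio_bytes is a signed int, which this hunk does not show). The following `if (bytes > uio->uio_resid)` clamp then reduces it to uio_resid, and the range error is no longer visible to the rest of the function, which lies outside this hunk. Unless every caller guarantees 0 <= uoffset <= xio_bytes, an explicit guard before the subtraction would be safer, for example `if (uoffset < 0 || uoffset > xio->xio_bytes) return (EINVAL);`, with the error value chosen to match the function's existing convention.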
@@ -98,6 +98,9 @@ sys_read(struct read_args *uap) struct iovec aiov; int error; + if ((ssize_t)uap->nbyte < 0) + error = EINVAL; + aiov.iov_base = uap->buf; aiov.iov_len = uap->nbyte; auio.uio_iov = &aiov; @@ -108,10 +111,7 @@ sys_read(struct read_args *uap) auio.uio_segflg = UIO_USERSPACE; auio.uio_td = td; - if (auio.uio_resid < 0) - error = EINVAL; - else - error = kern_preadv(uap->fd, &auio, 0, &uap->sysmsg_result); + error = kern_preadv(uap->fd, &auio, 0, &uap->sysmsg_szresult); return(error); } @@ -129,6 +129,9 @@ sys_extpread(struct extpread_args *uap) int error; int flags; + if ((ssize_t)uap->nbyte < 0) + return(EINVAL); + aiov.iov_base = uap->buf; aiov.iov_len = uap->nbyte; auio.uio_iov = &aiov; @@ -143,10 +146,7 @@ sys_extpread(struct extpread_args *uap) if (uap->offset != (off_t)-1) flags |= O_FOFFSET; - if (auio.uio_resid < 0) - error = EINVAL; - else - error = kern_preadv(uap->fd, &auio, flags, &uap->sysmsg_result); + error = kern_preadv(uap->fd, &auio, flags, &uap->sysmsg_szresult); return(error); } @@ -174,7 +174,7 @@ sys_readv(struct readv_args *uap) auio.uio_segflg = UIO_USERSPACE; auio.uio_td = td; - error = kern_preadv(uap->fd, &auio, 0, &uap->sysmsg_result); + error = kern_preadv(uap->fd, &auio, 0, &uap->sysmsg_szresult); iovec_free(&iov, aiov); return (error); @@ -210,7 +210,7 @@ sys_extpreadv(struct extpreadv_args *uap) if (uap->offset != (off_t)-1) flags |= O_FOFFSET; - error = kern_preadv(uap->fd, &auio, flags, &uap->sysmsg_result); + error = kern_preadv(uap->fd, &auio, flags, &uap->sysmsg_szresult); iovec_free(&iov, aiov); return(error); @@ -220,7 +220,7 @@ sys_extpreadv(struct extpreadv_args *uap) * MPSAFE */ int -kern_preadv(int fd, struct uio *auio, int flags, int *res) +kern_preadv(int fd, struct uio *auio, int flags, size_t *res) { struct thread *td = curthread; struct proc *p = td->td_proc; 
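Review bot: The new size check at the top of sys_read, `if ((ssize_t)uap->nbyte < 0) error = EINVAL;`, only assigns `error` and falls through, and the value is then overwritten by `error = kern_preadv(...)`, so an nbyte above the ssize_t range is not rejected. sys_extpread in the same file returns directly (`return(EINVAL);`), and kern_preadv loses its own `uio_resid < 0` test in a later hunk, so nothing visible on this path enforces the limit the commit message describes for read() and write(). The same assign-and-fall-through pattern is added to sys_write and sys_extpwrite further down. All three should use `if ((ssize_t)uap->nbyte < 0) return(EINVAL);`.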
@@ -234,8 +234,6 @@ kern_preadv(int fd, struct uio *auio, int flags, int *res) return (EBADF); if (flags & O_FOFFSET && fp->f_type != DTYPE_VNODE) { error = ESPIPE; - } else if (auio->uio_resid < 0) { - error = EINVAL; } else { error = dofileread(fd, fp, auio, flags, res); } @@ -250,11 +248,11 @@ kern_preadv(int fd, struct uio *auio, int flags, int *res) * MPALMOSTSAFE - ktrace needs help */ static int -dofileread(int fd, struct file *fp, struct uio *auio, int flags, int *res) +dofileread(int fd, struct file *fp, struct uio *auio, int flags, size_t *res) { struct thread *td = curthread; int error; - int len; + size_t len; #ifdef KTRACE struct iovec *ktriov = NULL; struct uio ktruio; @@ -310,6 +308,9 @@ sys_write(struct write_args *uap) struct iovec aiov; int error; + if ((ssize_t)uap->nbyte < 0) + error = EINVAL; + aiov.iov_base = (void *)(uintptr_t)uap->buf; aiov.iov_len = uap->nbyte; auio.uio_iov = &aiov; @@ -320,10 +321,7 @@ sys_write(struct write_args *uap) auio.uio_segflg = UIO_USERSPACE; auio.uio_td = td; - if (auio.uio_resid < 0) - error = EINVAL; - else - error = kern_pwritev(uap->fd, &auio, 0, &uap->sysmsg_result); + error = kern_pwritev(uap->fd, &auio, 0, &uap->sysmsg_szresult); return(error); } @@ -342,6 +340,9 @@ sys_extpwrite(struct extpwrite_args *uap) int error; int flags; + if ((ssize_t)uap->nbyte < 0) + error = EINVAL; + aiov.iov_base = (void *)(uintptr_t)uap->buf; aiov.iov_len = uap->nbyte; auio.uio_iov = &aiov; @@ -355,12 +356,7 @@ sys_extpwrite(struct extpwrite_args *uap) flags = uap->flags & O_FMASK; if (uap->offset != (off_t)-1) flags |= O_FOFFSET; - - if (auio.uio_resid < 0) - error = EINVAL; - else - error = kern_pwritev(uap->fd, &auio, flags, &uap->sysmsg_result); - + error = kern_pwritev(uap->fd, &auio, flags, &uap->sysmsg_szresult); return(error); } 
@@ -386,7 +382,7 @@ sys_writev(struct writev_args *uap) auio.uio_segflg = UIO_USERSPACE; auio.uio_td = td; - error = kern_pwritev(uap->fd, &auio, 0, &uap->sysmsg_result); + error = kern_pwritev(uap->fd, &auio, 0, &uap->sysmsg_szresult); iovec_free(&iov, aiov); return (error); @@ -422,7 +418,7 @@ sys_extpwritev(struct extpwritev_args *uap) if (uap->offset != (off_t)-1) flags |= O_FOFFSET; - error = kern_pwritev(uap->fd, &auio, flags, &uap->sysmsg_result); + error = kern_pwritev(uap->fd, &auio, flags, &uap->sysmsg_szresult); iovec_free(&iov, aiov); return(error); @@ -432,7 +428,7 @@ sys_extpwritev(struct extpwritev_args *uap) * MPSAFE */ int -kern_pwritev(int fd, struct uio *auio, int flags, int *res) +kern_pwritev(int fd, struct uio *auio, int flags, size_t *res) { struct thread *td = curthread; struct proc *p = td->td_proc; @@ -461,12 +457,12 @@ kern_pwritev(int fd, struct uio *auio, int flags, int *res) * MPALMOSTSAFE - ktrace needs help */ static int -dofilewrite(int fd, struct file *fp, struct uio *auio, int flags, int *res) +dofilewrite(int fd, struct file *fp, struct uio *auio, int flags, size_t *res) { struct thread *td = curthread; struct lwp *lp = td->td_lwp; int error; - int len; + size_t len; #ifdef KTRACE struct iovec *ktriov = NULL; struct uio ktruio; @@ -653,7 +649,7 @@ mapped_ioctl(int fd, u_long com, caddr_t uspc_data, struct ioctl_map *map) } if ((com & IOC_IN) != 0) { if (size != 0) { - error = copyin(uspc_data, data, (u_int)size); + error = copyin(uspc_data, data, (size_t)size); if (error) { if (memp != NULL) kfree(memp, M_IOCTLOPS); @@ -667,7 +663,7 @@ mapped_ioctl(int fd, u_long com, caddr_t uspc_data, struct ioctl_map *map) * Zero the buffer so the user always * gets back something deterministic. */ - bzero(data, size); + bzero(data, (size_t)size); } else if ((com & IOC_VOID) != 0) { *(caddr_t *)data = uspc_data; } 
@@ -703,7 +699,7 @@ mapped_ioctl(int fd, u_long com, caddr_t uspc_data, struct ioctl_map *map) * already set and checked above. */ if (error == 0 && (com & IOC_OUT) != 0 && size != 0) - error = copyout(data, uspc_data, (u_int)size); + error = copyout(data, uspc_data, (size_t)size); break; } if (memp != NULL) diff --git a/sys/kern/tty.c b/sys/kern/tty.c index 2991cc79b9..3201a2c906 100644 --- a/sys/kern/tty.c +++ b/sys/kern/tty.c @@ -1761,14 +1761,14 @@ read: char ibuf[IBUFSIZ]; int icc; - icc = imin(uio->uio_resid, IBUFSIZ); + icc = (int)szmin(uio->uio_resid, IBUFSIZ); icc = q_to_b(qp, ibuf, icc); if (icc <= 0) { if (first) goto loop; break; } - error = uiomove(ibuf, icc, uio); + error = uiomove(ibuf, (size_t)icc, uio); /* * XXX if there was an error then we should ungetc() the * unmoved chars and reduce icc here. @@ -1889,7 +1889,9 @@ ttwrite(struct tty *tp, struct uio *uio, int flag) int cc, ce; struct proc *pp; struct lwp *lp; - int i, hiwat, cnt, error; + int i, hiwat, error; + size_t cnt; + char obuf[OBUFSIZ]; lp = curthread->td_lwp; @@ -1953,9 +1955,9 @@ loop: * leftover from last time. */ if (cc == 0) { - cc = imin(uio->uio_resid, OBUFSIZ); + cc = szmin(uio->uio_resid, OBUFSIZ); cp = obuf; - error = uiomove(cp, cc, uio); + error = uiomove(cp, (size_t)cc, uio); if (error) { cc = 0; break; diff --git a/sys/kern/tty_pty.c b/sys/kern/tty_pty.c index e39545cb6c..9be0253aaa 100644 --- a/sys/kern/tty_pty.c +++ b/sys/kern/tty_pty.c @@ -475,8 +475,8 @@ ptcread(struct dev_read_args *ap) if (error) return (error); if (pti->pt_send & TIOCPKT_IOCTL) { - cc = min(ap->a_uio->uio_resid, - sizeof(tp->t_termios)); + cc = (int)szmin(ap->a_uio->uio_resid, + sizeof(tp->t_termios)); uiomove((caddr_t)&tp->t_termios, cc, ap->a_uio); } 
@@ -504,10 +504,11 @@ ptcread(struct dev_read_args *ap) if (pti->pt_flags & (PF_PKT|PF_UCNTL)) error = ureadc(0, ap->a_uio); while (ap->a_uio->uio_resid > 0 && error == 0) { - cc = q_to_b(&tp->t_outq, buf, min(ap->a_uio->uio_resid, BUFSIZ)); + cc = q_to_b(&tp->t_outq, buf, + (int)szmin(ap->a_uio->uio_resid, BUFSIZ)); if (cc <= 0) break; - error = uiomove(buf, cc, ap->a_uio); + error = uiomove(buf, (size_t)cc, ap->a_uio); } ttwwakeup(tp); return (error); @@ -606,10 +607,10 @@ again: while ((ap->a_uio->uio_resid > 0 || cc > 0) && tp->t_canq.c_cc < TTYHOG - 1) { if (cc == 0) { - cc = min(ap->a_uio->uio_resid, BUFSIZ); - cc = min(cc, TTYHOG - 1 - tp->t_canq.c_cc); + cc = (int)szmin(ap->a_uio->uio_resid, BUFSIZ); + cc = imin(cc, TTYHOG - 1 - tp->t_canq.c_cc); cp = locbuf; - error = uiomove((caddr_t)cp, cc, ap->a_uio); + error = uiomove(cp, (size_t)cc, ap->a_uio); if (error) return (error); /* check again for safety */ @@ -642,9 +643,9 @@ again: } while (ap->a_uio->uio_resid > 0 || cc > 0) { if (cc == 0) { - cc = min(ap->a_uio->uio_resid, BUFSIZ); + cc = (int)szmin(ap->a_uio->uio_resid, BUFSIZ); cp = locbuf; - error = uiomove((caddr_t)cp, cc, ap->a_uio); + error = uiomove(cp, (size_t)cc, ap->a_uio); if (error) return (error); /* check again for safety */ diff --git a/sys/kern/uipc_mbuf.c b/sys/kern/uipc_mbuf.c index 7e5a4e1d64..00823c7b6f 100644 --- a/sys/kern/uipc_mbuf.c +++ b/sys/kern/uipc_mbuf.c @@ -86,6 +86,7 @@ #include #include +#include #include #include @@ -1817,9 +1818,16 @@ m_uiomove(struct uio *uio) struct mbuf *m; /* current working mbuf */ struct mbuf *head = NULL; /* result mbuf chain */ struct mbuf **mp = &head; - int resid = uio->uio_resid, nsize, flags = M_PKTHDR, error; + int flags = M_PKTHDR; + int nsize; + int error; + int resid; do { + if (uio->uio_resid > INT_MAX) + resid = INT_MAX; + else + resid = (int)uio->uio_resid; m = m_getl(resid, MB_WAIT, MT_DATA, flags, &nsize); if (flags) { m->m_pkthdr.len = 0; 
@@ -1828,7 +1836,7 @@ m_uiomove(struct uio *uio) MH_ALIGN(m, resid); flags = 0; } - m->m_len = min(nsize, resid); + m->m_len = imin(nsize, resid); error = uiomove(mtod(m, caddr_t), m->m_len, uio); if (error) { m_free(m); @@ -1837,8 +1845,7 @@ m_uiomove(struct uio *uio) *mp = m; mp = &m->m_next; head->m_pkthdr.len += m->m_len; - resid -= m->m_len; - } while (resid > 0); + } while (uio->uio_resid > 0); return (head); diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index ab41e2dfab..f6091f3fa1 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -520,7 +520,8 @@ sosend(struct socket *so, struct sockaddr *addr, struct uio *uio, { struct mbuf **mp; struct mbuf *m; - long space, len, resid; + size_t resid; + int space, len; int clen = 0, error, dontroute, mlen; int atomic = sosendallatonce(so) || top; int pru_flags; @@ -528,18 +529,15 @@ sosend(struct socket *so, struct sockaddr *addr, struct uio *uio, if (uio) resid = uio->uio_resid; else - resid = top->m_pkthdr.len; + resid = (size_t)top->m_pkthdr.len; /* - * In theory resid should be unsigned. - * However, space must be signed, as it might be less than 0 - * if we over-committed, and we must use a signed comparison - * of space and resid. On the other hand, a negative resid - * causes us to loop sending 0-length segments to the protocol. + * WARNING! resid is unsigned, space and len are signed. space + * can wind up negative if the sockbuf is overcommitted. * * Also check to make sure that MSG_EOR isn't used on SOCK_STREAM * type sockets since that's an error. */ - if (resid < 0 || (so->so_type == SOCK_STREAM && (flags & MSG_EOR))) { + if (so->so_type == SOCK_STREAM && (flags & MSG_EOR)) { error = EINVAL; goto out; } 
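Review bot: The total length built by m_uiomove is no longer bounded by an int. The loop condition in hunk `-1837,8 +1845,7` is now `uio->uio_resid > 0`, while `head->m_pkthdr.len += m->m_len` keeps accumulating into what appears to be a signed int field. The INT_MAX clamp in the previous hunk limits only each individual `m_getl()` request, so on a 64-bit kernel a uio larger than INT_MAX would overflow the packet header length unless every caller already caps the size. A guard before the `do` loop, for example `KKASSERT(uio->uio_resid <= INT_MAX);` or an early error return, would make the limit explicit. The function's error path and return convention lie partly outside these hunks.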
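Review bot: A negative `top->m_pkthdr.len` is no longer rejected in sosend (hunk `-528,18 +529,15`). The cast `(size_t)top->m_pkthdr.len` turns it into a very large `resid`, and the `resid < 0` test that used to return EINVAL is dropped in the same hunk. When `uio` is NULL, `top->m_pkthdr.len < 0` should be tested before the cast and sent down the existing `error = EINVAL; goto out;` path, or at least asserted with `KKASSERT(top->m_pkthdr.len >= 0);`. The same cast appears in sosendudp (`resid = uio ? uio->uio_resid : (size_t)top->m_pkthdr.len;`). Both function bodies continue outside the hunks.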
@@ -590,7 +588,7 @@ restart: space = ssb_space(&so->so_snd); if (flags & MSG_OOB) space += 1024; - if (space < resid + clen && uio && + if ((space < 0 || (size_t)space < resid + clen) && uio && (atomic || space < so->so_snd.ssb_lowat || space < clen)) { if (flags & (MSG_FNONBLOCKING|MSG_DONTWAIT)) gotoerr(EWOULDBLOCK); @@ -613,13 +611,15 @@ restart: if (flags & MSG_EOR) top->m_flags |= M_EOR; } else do { - m = m_getl(resid, MB_WAIT, MT_DATA, + if (resid > INT_MAX) + resid = INT_MAX; + m = m_getl((int)resid, MB_WAIT, MT_DATA, top == NULL ? M_PKTHDR : 0, &mlen); if (top == NULL) { m->m_pkthdr.len = 0; m->m_pkthdr.rcvif = NULL; } - len = min(min(mlen, resid), space); + len = imin((int)szmin(mlen, resid), space); if (resid < MINCLSIZE) { /* * For datagram protocols, leave room @@ -629,7 +629,7 @@ restart: MH_ALIGN(m, len); } space -= len; - error = uiomove(mtod(m, caddr_t), (int)len, uio); + error = uiomove(mtod(m, caddr_t), (size_t)len, uio); resid = uio->uio_resid; m->m_len = len; *mp = m; @@ -637,7 +637,7 @@ restart: if (error) goto release; mp = &m->m_next; - if (resid <= 0) { + if (resid == 0) { if (flags & MSG_EOR) top->m_flags |= M_EOR; break; @@ -649,7 +649,7 @@ restart: pru_flags = PRUS_OOB; } else if ((flags & MSG_EOF) && (so->so_proto->pr_flags & PR_IMPLOPCL) && - (resid <= 0)) { + (resid == 0)) { /* * If the user set MSG_EOF, the protocol * understands this flag and nothing left to @@ -711,8 +711,10 @@ int sosendudp(struct socket *so, struct sockaddr *addr, struct uio *uio, struct mbuf *top, struct mbuf *control, int flags, struct thread *td) { - int resid, error; boolean_t dontroute; /* temporary SO_DONTROUTE setting */ + size_t resid; + int error; + int space; if (td->td_lwp != NULL) td->td_lwp->lwp_ru.ru_msgsnd++; 
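Review bot: Style point on hunk `-613,13 +611,15`: `if (resid > INT_MAX) resid = INT_MAX;` overwrites the running byte count only to size one allocation. The later `resid < MINCLSIZE` test then reads the clamped value, and the true count returns only through `resid = uio->uio_resid` after uiomove(). Clamping at the call site keeps `resid` meaningful throughout: `m = m_getl((int)szmin(resid, INT_MAX), MB_WAIT, MT_DATA,`. The enclosing `do` loop starts and ends outside the hunk.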
@@ -720,7 +722,7 @@ sosendudp(struct socket *so, struct sockaddr *addr, struct uio *uio, m_freem(control); KASSERT((uio && !top) || (top && !uio), ("bad arguments to sosendudp")); - resid = uio ? uio->uio_resid : top->m_pkthdr.len; + resid = uio ? uio->uio_resid : (size_t)top->m_pkthdr.len; restart: error = ssb_lock(&so->so_snd, SBLOCKWAIT(flags)); @@ -740,7 +742,8 @@ restart: gotoerr(EDESTADDRREQ); if (resid > so->so_snd.ssb_hiwat) gotoerr(EMSGSIZE); - if (uio && ssb_space(&so->so_snd) < resid) { + space = ssb_space(&so->so_snd); + if (uio && (space < 0 || (size_t)space < resid)) { if (flags & (MSG_FNONBLOCKING|MSG_DONTWAIT)) gotoerr(EWOULDBLOCK); ssb_unlock(&so->so_snd); @@ -801,12 +804,12 @@ soreceive(struct socket *so, struct sockaddr **psa, struct uio *uio, int flags, len, error, offset; struct protosw *pr = so->so_proto; int moff, type = 0; - int resid, orig_resid; + size_t resid, orig_resid; if (uio) resid = uio->uio_resid; else - resid = (int)(sio->sb_climit - sio->sb_cc); + resid = (size_t)(sio->sb_climit - sio->sb_cc); orig_resid = resid; if (psa) @@ -827,13 +830,15 @@ soreceive(struct socket *so, struct sockaddr **psa, struct uio *uio, if (sio) { do { sbappend(sio, m); - resid -= m->m_len; + KKASSERT(resid >= (size_t)m->m_len); + resid -= (size_t)m->m_len; } while (resid > 0 && m); } else { do { uio->uio_resid = resid; error = uiomove(mtod(m, caddr_t), - (int)min(resid, m->m_len), uio); + (int)szmin(resid, m->m_len), + uio); resid = uio->uio_resid; m = m_free(m); } while (uio->uio_resid && error == 0 && m); @@ -843,7 +848,7 @@ bad: m_freem(m); return (error); } - if (so->so_state & SS_ISCONFIRMING && resid) + if ((so->so_state & SS_ISCONFIRMING) && resid) so_pru_rcvd(so, 0); restart: 
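Review bot: The new `KKASSERT(resid >= (size_t)m->m_len);` in the `sio` branch of soreceive (hunk `-827,13 +830,15`) makes an oversized mbuf a kernel assertion failure. The old signed `resid` simply went negative and ended the loop. The mbuf comes from code above the hunk, so if its length is not guaranteed to fit in `sio->sb_climit - sio->sb_cc`, this becomes a panic driven by received data. A saturating update keeps the old termination behaviour: `resid -= szmin(resid, (size_t)m->m_len);`. In the same hunk the uiomove() length is still cast with `(int)szmin(...)`, although the prototype now takes `size_t`.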
@@ -865,9 +870,9 @@ restart: * a short count if a timeout or signal occurs after we start. */ if (m == NULL || (((flags & MSG_DONTWAIT) == 0 && - so->so_rcv.ssb_cc < resid) && + (size_t)so->so_rcv.ssb_cc < resid) && (so->so_rcv.ssb_cc < so->so_rcv.ssb_lowat || - ((flags & MSG_WAITALL) && resid <= so->so_rcv.ssb_hiwat)) && + ((flags & MSG_WAITALL) && resid <= (size_t)so->so_rcv.ssb_hiwat)) && m->m_nextpkt == 0 && (pr->pr_flags & PR_ATOMIC) == 0)) { KASSERT(m != NULL || !so->so_rcv.ssb_cc, ("receive 1")); if (so->so_error) { @@ -1001,7 +1006,7 @@ dontblock: KASSERT(m->m_type == MT_DATA || m->m_type == MT_HEADER, ("receive 3")); so->so_state &= ~SS_RCVATMARK; - len = resid; + len = (resid > INT_MAX) ? INT_MAX : resid; if (so->so_oobmark && len > so->so_oobmark - offset) len = so->so_oobmark - offset; if (len > m->m_len - moff) @@ -1021,7 +1026,7 @@ dontblock: if (error) goto release; } else { - resid -= len; + resid -= (size_t)len; } /* diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c index b45981fffb..f1e868f399 100644 --- a/sys/kern/uipc_syscalls.c +++ b/sys/kern/uipc_syscalls.c @@ -136,7 +136,7 @@ sys_socket(struct socket_args *uap) int error; error = kern_socket(uap->domain, uap->type, uap->protocol, - &uap->sysmsg_result); + &uap->sysmsg_iresult); return (error); } @@ -378,7 +378,8 @@ sys_accept(struct accept_args *uap) if (error) return (error); - error = kern_accept(uap->s, 0, &sa, &sa_len, &uap->sysmsg_result); + error = kern_accept(uap->s, 0, &sa, &sa_len, + &uap->sysmsg_iresult); if (error == 0) error = copyout(sa, uap->name, sa_len); @@ -389,7 +390,8 @@ sys_accept(struct accept_args *uap) if (sa) FREE(sa, M_SONAME); } else { - error = kern_accept(uap->s, 0, NULL, 0, &uap->sysmsg_result); + error = kern_accept(uap->s, 0, NULL, 0, + &uap->sysmsg_iresult); } return (error); } 
@@ -410,7 +412,8 @@ sys_extaccept(struct extaccept_args *uap) if (error) return (error); - error = kern_accept(uap->s, fflags, &sa, &sa_len, &uap->sysmsg_result); + error = kern_accept(uap->s, fflags, &sa, &sa_len, + &uap->sysmsg_iresult); if (error == 0) error = copyout(sa, uap->name, sa_len); @@ -421,7 +424,8 @@ sys_extaccept(struct extaccept_args *uap) if (sa) FREE(sa, M_SONAME); } else { - error = kern_accept(uap->s, fflags, NULL, 0, &uap->sysmsg_result); + error = kern_accept(uap->s, fflags, NULL, 0, + &uap->sysmsg_iresult); } return (error); } @@ -620,13 +624,14 @@ sys_socketpair(struct socketpair_args *uap) int kern_sendmsg(int s, struct sockaddr *sa, struct uio *auio, - struct mbuf *control, int flags, int *res) + struct mbuf *control, int flags, size_t *res) { struct thread *td = curthread; struct lwp *lp = td->td_lwp; struct proc *p = td->td_proc; struct file *fp; - int len, error; + size_t len; + int error; struct socket *so; #ifdef KTRACE struct iovec *ktriov = NULL; @@ -636,10 +641,6 @@ kern_sendmsg(int s, struct sockaddr *sa, struct uio *auio, error = holdsock(p->p_fd, s, &fp); if (error) return (error); - if (auio->uio_resid < 0) { - error = EINVAL; - goto done; - } #ifdef KTRACE if (KTRPOINT(td, KTR_GENIO)) { int iovlen = auio->uio_iovcnt * sizeof (struct iovec); @@ -708,7 +709,7 @@ sys_sendto(struct sendto_args *uap) auio.uio_td = td; error = kern_sendmsg(uap->s, sa, &auio, NULL, uap->flags, - &uap->sysmsg_result); + &uap->sysmsg_szresult); if (sa) FREE(sa, M_SONAME); @@ -780,7 +781,7 @@ sys_sendmsg(struct sendmsg_args *uap) } error = kern_sendmsg(uap->s, sa, &auio, control, uap->flags, - &uap->sysmsg_result); + &uap->sysmsg_szresult); cleanup: iovec_free(&iov, aiov); 
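Review bot: Removing the `auio->uio_resid < 0` test in kern_sendmsg (hunk `-636,10 +641,6`) leaves no visible upper bound on the request size. The count is returned through `size_t *res`, but the syscall's user-visible result is signed, so a `uio_resid` above SSIZE_MAX would come back as a negative value. The equivalent block is removed from kern_recvmsg in hunk `-813,10 +815,6`. Unless the callers already cap the length (iovec_copyin and the sys_sendto setup are not visible here), the check should be replaced rather than deleted: `if (auio->uio_resid > SSIZE_MAX) { error = EINVAL; goto done; }`.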
@@ -797,12 +798,13 @@ cleanup2: */ int kern_recvmsg(int s, struct sockaddr **sa, struct uio *auio, - struct mbuf **control, int *flags, int *res) + struct mbuf **control, int *flags, size_t *res) { struct thread *td = curthread; struct proc *p = td->td_proc; struct file *fp; - int len, error; + size_t len; + int error; int lflags; struct socket *so; #ifdef KTRACE @@ -813,10 +815,6 @@ kern_recvmsg(int s, struct sockaddr **sa, struct uio *auio, error = holdsock(p->p_fd, s, &fp); if (error) return (error); - if (auio->uio_resid < 0) { - error = EINVAL; - goto done; - } #ifdef KTRACE if (KTRPOINT(td, KTR_GENIO)) { int iovlen = auio->uio_iovcnt * sizeof (struct iovec); @@ -896,7 +894,7 @@ sys_recvfrom(struct recvfrom_args *uap) auio.uio_td = td; error = kern_recvmsg(uap->s, uap->from ? &sa : NULL, &auio, NULL, - &uap->flags, &uap->sysmsg_result); + &uap->flags, &uap->sysmsg_szresult); if (error == 0 && uap->from) { /* note: sa may still be NULL */ @@ -968,8 +966,10 @@ sys_recvmsg(struct recvmsg_args *uap) flags = uap->flags; - error = kern_recvmsg(uap->s, msg.msg_name ? &sa : NULL, &auio, - msg.msg_control ? &control : NULL, &flags, &uap->sysmsg_result); + error = kern_recvmsg(uap->s, + (msg.msg_name ? &sa : NULL), &auio, + (msg.msg_control ? &control : NULL), &flags, + &uap->sysmsg_szresult); /* * Conditionally copyout the name and populate the namelen field. @@ -1398,8 +1398,11 @@ sys_sendfile(struct sendfile_args *uap) struct iovec aiov[UIO_SMALLIOV], *iov = NULL; struct uio auio; struct mbuf *mheader = NULL; - off_t hdtr_size = 0, sbytes; - int error, hbytes = 0, tbytes; + size_t hbytes = 0; + size_t tbytes; + off_t hdtr_size = 0; + off_t sbytes; + int error; KKASSERT(p); @@ -1819,7 +1822,7 @@ sys_sctp_peeloff(struct sctp_peeloff_args *uap) crit_exit(); goto done; } - uap->sysmsg_result = fd; + uap->sysmsg_iresult = fd; so = sctp_get_peeloff(head, assoc_id, &error); if (so == NULL) { 
diff --git a/sys/kern/vfs_cluster.c b/sys/kern/vfs_cluster.c index 31dbe66243..8923bb1d8a 100644 --- a/sys/kern/vfs_cluster.c +++ b/sys/kern/vfs_cluster.c @@ -56,6 +56,8 @@ #include #include +#include + #if defined(CLUSTERDEBUG) #include static int rcluster= 0; @@ -91,7 +93,7 @@ extern int cluster_pbuf_freecnt; */ int cluster_read(struct vnode *vp, off_t filesize, off_t loffset, - int blksize, int totread, int seqcount, struct buf **bpp) + int blksize, size_t resid, int seqcount, struct buf **bpp) { struct buf *bp, *rbp, *reqbp; off_t origoffset; @@ -99,8 +101,10 @@ cluster_read(struct vnode *vp, off_t filesize, off_t loffset, int error; int i; int maxra, racluster; + int totread; error = 0; + totread = (resid > INT_MAX) ? INT_MAX : (int)resid; /* * Try to limit the amount of read-ahead by a few diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 5b6e0ef807..13f38307a2 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -4164,7 +4164,7 @@ sys_extattr_set_file(struct extattr_set_file_args *uap) goto done; auio.uio_resid = 0; for (i = 0; i < uap->iovcnt; i++) { - if (iov->iov_len > INT_MAX - auio.uio_resid) { + if (iov->iov_len > LONG_MAX - auio.uio_resid) { error = EINVAL; goto done; } @@ -4241,7 +4241,7 @@ sys_extattr_get_file(struct extattr_get_file_args *uap) goto done; auio.uio_resid = 0; for (i = 0; i < uap->iovcnt; i++) { - if (iov->iov_len > INT_MAX - auio.uio_resid) { + if (iov->iov_len > LONG_MAX - auio.uio_resid) { error = EINVAL; goto done; } diff --git a/sys/net/i4b/driver/i4b_rbch.c b/sys/net/i4b/driver/i4b_rbch.c index def0f143f8..3d038dd79e 100644 --- a/sys/net/i4b/driver/i4b_rbch.c +++ b/sys/net/i4b/driver/i4b_rbch.c 
@@ -423,11 +423,11 @@ i4brbchwrite(struct dev_write_args *ap) if((m = i4b_Bgetmbuf(BCH_MAX_DATALEN)) != NULL) { - m->m_len = min(BCH_MAX_DATALEN, uio->uio_resid); + m->m_len = (int)szmin(BCH_MAX_DATALEN, uio->uio_resid); NDBGL4(L4_RBCHDBG, "unit %d, write %d bytes", unit, m->m_len); - error = uiomove(m->m_data, m->m_len, uio); + error = uiomove(m->m_data, (size_t)m->m_len, uio); if(IF_QFULL(isdn_linktab[unit]->tx_queue)) m_freem(m); diff --git a/sys/net/i4b/driver/i4b_tel.c b/sys/net/i4b/driver/i4b_tel.c index b19413b940..6ac82d6816 100644 --- a/sys/net/i4b/driver/i4b_tel.c +++ b/sys/net/i4b/driver/i4b_tel.c @@ -578,9 +578,9 @@ i4btelwrite(struct dev_write_args *ap) { int i; - m->m_len = min(BCH_MAX_DATALEN, uio->uio_resid); + m->m_len = (int)szmin(BCH_MAX_DATALEN, uio->uio_resid); - error = uiomove(m->m_data, m->m_len, uio); + error = uiomove(m->m_data, (size_t)m->m_len, uio); for(i = 0; i < m->m_len; i++) { @@ -605,9 +605,9 @@ i4btelwrite(struct dev_write_args *ap) { #define CMDBUFSIZ 80 char cmdbuf[CMDBUFSIZ]; - int len = min(CMDBUFSIZ-1, uio->uio_resid); + int len = (int)szmin(CMDBUFSIZ-1, uio->uio_resid); - error = uiomove(cmdbuf, len, uio); + error = uiomove(cmdbuf, (size_t)len, uio); if(cmdbuf[0] == CMD_DIAL) { diff --git a/sys/net/tap/if_tap.c b/sys/net/tap/if_tap.c index b635a8d115..481544543e 100644 --- a/sys/net/tap/if_tap.c +++ b/sys/net/tap/if_tap.c @@ -831,11 +831,11 @@ tapread(struct dev_read_args *ap) /* xfer packet to user space */ while ((m0 != NULL) && (uio->uio_resid > 0) && (error == 0)) { - len = min(uio->uio_resid, m0->m_len); + len = (int)szmin(uio->uio_resid, m0->m_len); if (len == 0) break; - error = uiomove(mtod(m0, caddr_t), len, uio); + error = uiomove(mtod(m0, caddr_t), (size_t)len, uio); m0 = m_free(m0); } 
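Review bot: In i4btelwrite (hunk `-605,9 +605,9`) `cmdbuf[0]` is tested right after `error = uiomove(cmdbuf, (size_t)len, uio);` with no check of `error` or of `len`. If the copy fails, or `len` is 0 and the caller has not already rejected an empty write, the comparison against `CMD_DIAL` reads an uninitialised stack byte. Gating the command dispatch on `error == 0 && len > 0` would close that. The branches that follow are outside the hunk, so the exact shape of the guard has to be checked against them. The data path in hunk `-578,9 +578,9` likewise walks `m->m_len` bytes after uiomove() without looking at `error`.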
@@ -865,7 +865,8 @@ tapwrite(struct dev_write_args *ap) struct tap_softc *tp = dev->si_drv1; struct ifnet *ifp = &tp->tap_if; struct mbuf *top = NULL, **mp = NULL, *m = NULL; - int error = 0, tlen, mlen; + int error = 0; + size_t tlen, mlen; TAPDEBUG(ifp, "writing, minor = %#x\n", minor(tp->tap_dev)); @@ -878,8 +879,8 @@ tapwrite(struct dev_write_args *ap) if (uio->uio_resid == 0) return (0); - if ((uio->uio_resid < 0) || (uio->uio_resid > TAPMRU)) { - TAPDEBUG(ifp, "invalid packet len = %d, minor = %#x\n", + if (uio->uio_resid > TAPMRU) { + TAPDEBUG(ifp, "invalid packet len = %ld, minor = %#x\n", uio->uio_resid, minor(tp->tap_dev)); return (EIO); @@ -895,8 +896,8 @@ tapwrite(struct dev_write_args *ap) top = 0; mp = ⊤ while ((error == 0) && (uio->uio_resid > 0)) { - m->m_len = min(mlen, uio->uio_resid); - error = uiomove(mtod(m, caddr_t), m->m_len, uio); + m->m_len = (int)szmin(mlen, uio->uio_resid); + error = uiomove(mtod(m, caddr_t), (size_t)m->m_len, uio); *mp = m; mp = &m->m_next; if (uio->uio_resid > 0) { @@ -915,7 +916,7 @@ tapwrite(struct dev_write_args *ap) return (error); } - top->m_pkthdr.len = tlen; + top->m_pkthdr.len = (int)tlen; top->m_pkthdr.rcvif = ifp; /* diff --git a/sys/net/tun/if_tun.c b/sys/net/tun/if_tun.c index f04c15dced..7b5654e79f 100644 --- a/sys/net/tun/if_tun.c +++ b/sys/net/tun/if_tun.c @@ -550,9 +550,9 @@ tunread(struct dev_read_args *ap) ifnet_deserialize_all(ifp); while (m0 && uio->uio_resid > 0 && error == 0) { - len = min(uio->uio_resid, m0->m_len); + len = (int)szmin(uio->uio_resid, m0->m_len); if (len != 0) - error = uiomove(mtod(m0, caddr_t), len, uio); + error = uiomove(mtod(m0, caddr_t), (size_t)len, uio); m0 = m_free(m0); } @@ -574,7 +574,8 @@ tunwrite(struct dev_write_args *ap) struct tun_softc *tp = dev->si_drv1; struct ifnet *ifp = &tp->tun_if; struct mbuf *top, **mp, *m; - int error=0, tlen, mlen; + int error=0; + size_t tlen, mlen; uint32_t family; int isr; 
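Review bot: The format conversions for `uio->uio_resid` do not match its new `size_t` type. In tapwrite (hunk `-878,8 +879,8`) TAPDEBUG now uses the signed `%ld`; an unsigned conversion with an explicit cast is safer on both 32-bit and 64-bit builds: `"invalid packet len = %lu, minor = %#x\n", (u_long)uio->uio_resid, minor(tp->tap_dev)`. tunwrite's `TUNDEBUG(ifp, "len=%d!\n", uio->uio_resid);` is left with `%d`, which is the wrong width on 64-bit. The first dprintf in hpfs_read still pairs `uio->uio_resid` with `%d`, while the `0x%lx` it gained is applied to the local `resid`, apparently an int.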
@@ -583,7 +584,7 @@ tunwrite(struct dev_write_args *ap) if (uio->uio_resid == 0) return 0; - if (uio->uio_resid < 0 || uio->uio_resid > TUNMRU) { + if (uio->uio_resid > TUNMRU) { TUNDEBUG(ifp, "len=%d!\n", uio->uio_resid); return EIO; } @@ -598,8 +599,8 @@ tunwrite(struct dev_write_args *ap) top = 0; mp = ⊤ while (error == 0 && uio->uio_resid > 0) { - m->m_len = min(mlen, uio->uio_resid); - error = uiomove(mtod (m, caddr_t), m->m_len, uio); + m->m_len = (int)szmin(mlen, uio->uio_resid); + error = uiomove(mtod (m, caddr_t), (size_t)m->m_len, uio); *mp = m; mp = &m->m_next; if (uio->uio_resid > 0) { @@ -618,7 +619,7 @@ tunwrite(struct dev_write_args *ap) return error; } - top->m_pkthdr.len = tlen; + top->m_pkthdr.len = (int)tlen; top->m_pkthdr.rcvif = ifp; if (ifp->if_bpf) { diff --git a/sys/netgraph7/bluetooth/drivers/ubtbcmfw/ubtbcmfw.c b/sys/netgraph7/bluetooth/drivers/ubtbcmfw/ubtbcmfw.c index 8c4ee8c239..2fe2fb3a0a 100644 --- a/sys/netgraph7/bluetooth/drivers/ubtbcmfw/ubtbcmfw.c +++ b/sys/netgraph7/bluetooth/drivers/ubtbcmfw/ubtbcmfw.c @@ -401,14 +401,14 @@ ubtbcmfw_read(struct cdev *dev, struct uio *uio, int flag) sc->sc_refcnt ++; - while ((n = min(sizeof(buf), uio->uio_resid)) != 0) { + while ((n = (int)szmin(sizeof(buf), uio->uio_resid)) != 0) { tn = n; err = usbd_bulk_transfer(xfer, sc->sc_intr_in_pipe, USBD_SHORT_XFER_OK, USBD_DEFAULT_TIMEOUT, buf, &tn, "bcmrd"); switch (err) { case USBD_NORMAL_COMPLETION: - error = uiomove(buf, tn, uio); + error = uiomove(buf, (size_t)tn, uio); break; case USBD_INTERRUPTED: @@ -465,8 +465,8 @@ ubtbcmfw_write(struct cdev *dev, struct uio *uio, int flag) sc->sc_refcnt ++; - while ((n = min(sizeof(buf), uio->uio_resid)) != 0) { - error = uiomove(buf, n, uio); + while ((n = (int)szmin(sizeof(buf), uio->uio_resid)) != 0) { + error = uiomove(buf, (size_t)n, uio); if (error != 0) break; diff --git a/sys/netgraph7/ng_device.c b/sys/netgraph7/ng_device.c index 3705d8f1a0..8d21d94fdb 100644 --- a/sys/netgraph7/ng_device.c 
+++ b/sys/netgraph7/ng_device.c @@ -463,7 +463,7 @@ ngdwrite(struct cdev *dev, struct uio *uio, int flag) if (uio->uio_resid == 0) return (0); - if (uio->uio_resid < 0 || uio->uio_resid > IP_MAXPACKET) + if (uio->uio_resid > IP_MAXPACKET) return (EIO); if ((m = m_uiotombuf(uio, MB_DONTWAIT, 0, 0, M_PKTHDR)) == NULL) diff --git a/sys/netproto/smb/smb_smb.c b/sys/netproto/smb/smb_smb.c index e41518bc5e..40368ffe68 100644 --- a/sys/netproto/smb/smb_smb.c +++ b/sys/netproto/smb/smb_smb.c @@ -46,6 +46,7 @@ #include #include +#include #include "smb.h" #include "smb_subr.h" @@ -509,7 +510,7 @@ smb_smb_read(struct smb_share *ssp, u_int16_t fid, mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM); mb_put_uint16le(mbp, rlen); mb_put_uint32le(mbp, uio->uio_offset); - mb_put_uint16le(mbp, min(uio->uio_resid, 0xffff)); + mb_put_uint16le(mbp, (unsigned short)szmin(uio->uio_resid, 0xffff)); smb_rq_wend(rqp); smb_rq_bstart(rqp); smb_rq_bend(rqp); @@ -545,16 +546,17 @@ int smb_read(struct smb_share *ssp, u_int16_t fid, struct uio *uio, struct smb_cred *scred) { - int tsize, len, resid; + int len, resid; int error = 0; - tsize = uio->uio_resid; - while (tsize > 0) { - len = tsize; + while (uio->uio_resid > 0) { + if (uio->uio_resid > INT_MAX) + len = INT_MAX; + else + len = (int)uio->uio_resid; error = smb_smb_read(ssp, fid, &len, &resid, uio, scred); if (error) break; - tsize -= resid; if (resid < len) break; } @@ -589,7 +591,7 @@ smb_smb_write(struct smb_share *ssp, u_int16_t fid, int *len, int *rresid, mb_put_mem(mbp, (caddr_t)&fid, sizeof(fid), MB_MSYSTEM); mb_put_uint16le(mbp, resid); mb_put_uint32le(mbp, uio->uio_offset); - mb_put_uint16le(mbp, min(uio->uio_resid, 0xffff)); + mb_put_uint16le(mbp, (unsigned short)szmin(uio->uio_resid, 0xffff)); smb_rq_wend(rqp); smb_rq_bstart(rqp); mb_put_uint8(mbp, SMB_DT_DATA); 
@@ -619,13 +621,15 @@ int smb_write(struct smb_share *ssp, u_int16_t fid, struct uio *uio, struct smb_cred *scred) { - int error = 0, len, tsize, resid; + int error = 0, len, resid; struct uio olduio; - tsize = uio->uio_resid; olduio = *uio; - while (tsize > 0) { - len = tsize; + while (uio->uio_resid > 0) { + if (uio->uio_resid > INT_MAX) + len = INT_MAX; + else + len = (int)uio->uio_resid; error = smb_smb_write(ssp, fid, &len, &resid, uio, scred); if (error) break; @@ -633,7 +637,6 @@ smb_write(struct smb_share *ssp, u_int16_t fid, struct uio *uio, error = EIO; break; } - tsize -= resid; } if (error) { /* diff --git a/sys/netproto/smb/smb_trantcp.c b/sys/netproto/smb/smb_trantcp.c index 20f1981929..d47a2871c8 100644 --- a/sys/netproto/smb/smb_trantcp.c +++ b/sys/netproto/smb/smb_trantcp.c @@ -372,8 +372,9 @@ nbssn_recv(struct nbpcb *nbp, struct mbuf **mpp, int *lenp, { struct socket *so = nbp->nbp_tso; struct sockbuf sio; - u_int8_t rpcode; - int error, rcvflg, savelen; + int error, rcvflg; + int savelen = 0; + u_int8_t rpcode = 0; if (so == NULL) return ENOTCONN; diff --git a/sys/platform/pc32/i386/busdma_machdep.c b/sys/platform/pc32/i386/busdma_machdep.c index e129f8ff7d..47292afb2f 100644 --- a/sys/platform/pc32/i386/busdma_machdep.c +++ b/sys/platform/pc32/i386/busdma_machdep.c @@ -950,7 +950,7 @@ bus_dmamap_load_uio(bus_dma_tag_t dmat, bus_dmamap_t map, flags &= ~BUS_DMA_WAITOK; flags |= BUS_DMA_NOWAIT; - resid = uio->uio_resid; + resid = (bus_size_t)uio->uio_resid; iov = uio->uio_iov; segs = segments; @@ -1004,7 +1004,7 @@ bus_dmamap_load_uio(bus_dma_tag_t dmat, bus_dmamap_t map, 0, error); } else { callback(callback_arg, segments, dmat->nsegments - nsegs_left, - uio->uio_resid, error); + (bus_size_t)uio->uio_resid, error); } if (dmat->nsegments > BUS_DMA_CACHE_SEGMENTS) kfree(segments, M_DEVBUF); diff --git a/sys/platform/pc32/i386/vm_machdep.c b/sys/platform/pc32/i386/vm_machdep.c index a698afc371..14890030fa 100644 
--- a/sys/platform/pc32/i386/vm_machdep.c +++ b/sys/platform/pc32/i386/vm_machdep.c @@ -471,7 +471,7 @@ cpu_reset_real(void) } int -grow_stack(struct proc *p, u_int sp) +grow_stack(struct proc *p, vm_offset_t sp) { int rv; diff --git a/sys/platform/pc32/include/iic.h b/sys/platform/pc32/include/iic.h index 05e236517e..06f22097e1 100644 --- a/sys/platform/pc32/include/iic.h +++ b/sys/platform/pc32/include/iic.h @@ -39,8 +39,8 @@ struct iiccmd { u_char slave; - int count; - int last; + size_t count; + size_t last; char *buf; }; diff --git a/sys/platform/pc32/isa/asc.c b/sys/platform/pc32/isa/asc.c index d437e50136..9b38135ca7 100644 --- a/sys/platform/pc32/isa/asc.c +++ b/sys/platform/pc32/isa/asc.c @@ -740,13 +740,13 @@ ascread(struct dev_read_args *ap) scu->sbuf.wptr, scu->sbuf.count, scu->bcount,scu->flags,scu->icnt); /* first, not more than available... */ - nbytes = min( uio->uio_resid, scu->sbuf.count ); + nbytes = szmin(uio->uio_resid, scu->sbuf.count); /* second, contiguous data... */ - nbytes = min( nbytes, (scu->sbuf.size - scu->sbuf.rptr) ); + nbytes = szmin( nbytes, (scu->sbuf.size - scu->sbuf.rptr) ); /* third, one line (will remove this later, XXX) */ - nbytes = min( nbytes, scu->linesize ); + nbytes = szmin( nbytes, scu->linesize ); if ( (scu->flags & PBM_MODE) ) - nbytes = min( nbytes, scu->bcount ); + nbytes = szmin( nbytes, scu->bcount ); lprintf("asc%d.read: transferring 0x%x bytes\n", unit, nbytes); if (geomtab[scu->geometry].g_res!=0) { /* BW scanner */ lprintf("asc%d.read: invert buffer\n",unit); diff --git a/sys/platform/pc64/amd64/busdma_machdep.c b/sys/platform/pc64/amd64/busdma_machdep.c index e129f8ff7d..47292afb2f 100644 --- a/sys/platform/pc64/amd64/busdma_machdep.c +++ b/sys/platform/pc64/amd64/busdma_machdep.c @@ -950,7 +950,7 @@ bus_dmamap_load_uio(bus_dma_tag_t dmat, bus_dmamap_t map, flags &= ~BUS_DMA_WAITOK; flags |= BUS_DMA_NOWAIT; - resid = uio->uio_resid; + resid = (bus_size_t)uio->uio_resid; iov = uio->uio_iov; segs = segments; 
@@ -1004,7 +1004,7 @@ bus_dmamap_load_uio(bus_dma_tag_t dmat, bus_dmamap_t map, 0, error); } else { callback(callback_arg, segments, dmat->nsegments - nsegs_left, - uio->uio_resid, error); + (bus_size_t)uio->uio_resid, error); } if (dmat->nsegments > BUS_DMA_CACHE_SEGMENTS) kfree(segments, M_DEVBUF); diff --git a/sys/platform/pc64/amd64/vm_machdep.c b/sys/platform/pc64/amd64/vm_machdep.c index ae88aceb68..61f7c7e69d 100644 --- a/sys/platform/pc64/amd64/vm_machdep.c +++ b/sys/platform/pc64/amd64/vm_machdep.c @@ -334,7 +334,7 @@ cpu_reset_real(void) } int -grow_stack(struct proc *p, u_long sp) +grow_stack(struct proc *p, vm_offset_t sp) { int rv; diff --git a/sys/platform/pc64/isa/asc.c b/sys/platform/pc64/isa/asc.c index 6ee47739bb..b53c78d144 100644 --- a/sys/platform/pc64/isa/asc.c +++ b/sys/platform/pc64/isa/asc.c @@ -739,13 +739,13 @@ ascread(struct dev_read_args *ap) scu->sbuf.wptr, scu->sbuf.count, scu->bcount,scu->flags,scu->icnt); /* first, not more than available... */ - nbytes = min( uio->uio_resid, scu->sbuf.count ); + nbytes = szmin(uio->uio_resid, scu->sbuf.count); /* second, contiguous data... */ - nbytes = min( nbytes, (scu->sbuf.size - scu->sbuf.rptr) ); + nbytes = szmin(nbytes, (scu->sbuf.size - scu->sbuf.rptr)); /* third, one line (will remove this later, XXX) */ - nbytes = min( nbytes, scu->linesize ); + nbytes = szmin(nbytes, scu->linesize); if ( (scu->flags & PBM_MODE) ) - nbytes = min( nbytes, scu->bcount ); + nbytes = szmin(nbytes, scu->bcount); lprintf("asc%d.read: transferring 0x%x bytes\n", unit, nbytes); if (geomtab[scu->geometry].g_res!=0) { /* BW scanner */ lprintf("asc%d.read: invert buffer\n",unit); diff --git a/sys/platform/vkernel/platform/busdma_machdep.c b/sys/platform/vkernel/platform/busdma_machdep.c index 044067a739..eebd17ad98 100644 --- a/sys/platform/vkernel/platform/busdma_machdep.c +++ b/sys/platform/vkernel/platform/busdma_machdep.c 
@@ -889,7 +889,7 @@ bus_dmamap_load_uio(bus_dma_tag_t dmat, bus_dmamap_t map, flags &= ~BUS_DMA_WAITOK; flags |= BUS_DMA_NOWAIT; - resid = uio->uio_resid; + resid = (bus_size_t)uio->uio_resid; iov = uio->uio_iov; if (uio->uio_segflg == UIO_USERSPACE) { @@ -929,7 +929,7 @@ bus_dmamap_load_uio(bus_dma_tag_t dmat, bus_dmamap_t map, callback(callback_arg, dmat->segments, 0, 0, error); } else { callback(callback_arg, dmat->segments, nsegs, - uio->uio_resid, error); + (bus_size_t)uio->uio_resid, error); } return error; } diff --git a/sys/sys/buf.h b/sys/sys/buf.h index 64cf191b94..90f19695bc 100644 --- a/sys/sys/buf.h +++ b/sys/sys/buf.h @@ -417,7 +417,7 @@ void biodone_sync (struct bio *); void cluster_append(struct bio *, struct buf *); int cluster_read (struct vnode *, off_t, off_t, int, - int, int, struct buf **); + size_t, int, struct buf **); int cluster_wbuild (struct vnode *, int, off_t, int); void cluster_write (struct buf *, off_t, int, int); int physread (struct dev_read_args *); diff --git a/sys/sys/kern_syscall.h b/sys/sys/kern_syscall.h index 3f3a2b39d0..9207783ca5 100644 --- a/sys/sys/kern_syscall.h +++ b/sys/sys/kern_syscall.h @@ -97,8 +97,8 @@ int kern_kill(int sig, pid_t pid, lwpid_t tid); /* * Prototypes for syscalls in kern/sys_generic.c */ -int kern_preadv(int fd, struct uio *auio, int flags, int *res); -int kern_pwritev(int fd, struct uio *auio, int flags, int *res); +int kern_preadv(int fd, struct uio *auio, int flags, size_t *res); +int kern_pwritev(int fd, struct uio *auio, int flags, size_t *res); /* * Prototypes for syscalls in kern/kern_resource.c 
@@ -117,12 +117,12 @@ int kern_getpeername(int s, struct sockaddr **name, int *namelen); int kern_getsockopt(int s, struct sockopt *sopt); int kern_getsockname(int s, struct sockaddr **name, int *namelen); int kern_recvmsg(int s, struct sockaddr **sa, struct uio *auio, - struct mbuf **control, int *flags, int *res); + struct mbuf **control, int *flags, size_t *res); int kern_shutdown(int s, int how); int kern_sendfile(struct vnode *vp, int s, off_t offset, size_t nbytes, struct mbuf *mheader, off_t *sbytes, int flags); int kern_sendmsg(int s, struct sockaddr *sa, struct uio *auio, - struct mbuf *control, int flags, int *res); + struct mbuf *control, int flags, size_t *res); int kern_setsockopt(int s, struct sockopt *sopt); int kern_socket(int domain, int type, int protocol, int *res); int kern_socketpair(int domain, int type, int protocol, int *sockv); diff --git a/sys/sys/sysmsg.h b/sys/sys/sysmsg.h index 104db62713..cd053d1e39 100644 --- a/sys/sys/sysmsg.h +++ b/sys/sys/sysmsg.h @@ -25,13 +25,15 @@ union sysunion; struct sysmsg { union { - void *resultp; /* misc pointer data or result */ - int result; /* standard 'int'eger result */ - long lresult; /* long result */ - long fds[2]; /* double result */ - __int32_t result32; /* 32 bit result */ - __int64_t result64; /* 64 bit result */ - __off_t offset; /* off_t result */ + void *resultp; /* misc pointer data or result */ + int result; /* DEPRECATED - AUDIT -> iresult */ + int iresult; /* standard 'int'eger result */ + long lresult; /* long result */ + size_t szresult; /* size_t result */ + long fds[2]; /* double result */ + __int32_t result32; /* 32 bit result */ + __int64_t result64; /* 64 bit result */ + __off_t offset; /* off_t result */ register_t reg; } sm_result; struct trapframe *sm_frame; /* trapframe - saved user context */ 
@@ -45,7 +47,9 @@ union sysunion; #ifdef _KERNEL #define sysmsg_result sysmsg.sm_result.result +#define sysmsg_iresult sysmsg.sm_result.iresult #define sysmsg_lresult sysmsg.sm_result.lresult +#define sysmsg_szresult sysmsg.sm_result.szresult #define sysmsg_resultp sysmsg.sm_result.resultp #define sysmsg_fds sysmsg.sm_result.fds #define sysmsg_offset sysmsg.sm_result.offset diff --git a/sys/sys/uio.h b/sys/sys/uio.h index dd26f89885..f2f0d2ab2b 100644 --- a/sys/sys/uio.h +++ b/sys/sys/uio.h @@ -64,12 +64,17 @@ enum uio_seg { /* * uio_td is primarily used for USERSPACE transfers, but some devices * like ttys may also use it to get at the process. + * + * NOTE: uio_resid: Previously used int and FreeBSD decided to use ssize_t, + * but after reviewing use cases and in particular the fact that the + * iov uses an unsigned quantity, DragonFly will use the (unsigned) + * size_t. */ struct uio { struct iovec *uio_iov; int uio_iovcnt; off_t uio_offset; - int uio_resid; + size_t uio_resid; enum uio_seg uio_segflg; enum uio_rw uio_rw; struct thread *uio_td; @@ -89,14 +94,13 @@ struct vm_object; struct vm_page; void uio_yield (void); -int uiomove (caddr_t, int, struct uio *); -int uiomove_frombuf (void *buf, int buflen, struct uio *uio); -int uiomove_fromphys(struct vm_page *ma[], vm_offset_t offset, int n, - struct uio *uio); -int uiomoveco (caddr_t, int, struct uio *, struct vm_object *); +int uiomove (caddr_t, size_t, struct uio *); +int uiomove_frombuf (void *buf, size_t buflen, struct uio *uio); +int uiomove_fromphys(struct vm_page *ma[], vm_offset_t offset, + size_t n, struct uio *uio); int uioread (int, struct uio *, struct vm_object *, int *); int iovec_copyin(struct iovec *, struct iovec **, struct iovec *, - size_t, int *); + size_t, size_t *); /* * MPSAFE diff --git a/sys/sys/xio.h b/sys/sys/xio.h index 8ac1fecf67..281819e298 100644 --- a/sys/sys/xio.h +++ b/sys/sys/xio.h 
@@ -95,7 +95,7 @@ int xio_init_ubuf(xio_t xio, void *ubase, size_t ubytes, int vmprot); int xio_init_kbuf(xio_t xio, void *kbase, size_t kbytes); int xio_init_pages(xio_t xio, struct vm_page **mbase, int npages, int xflags); void xio_release(xio_t xio); -int xio_uio_copy(xio_t xio, int uoffset, struct uio *uio, int *sizep); +int xio_uio_copy(xio_t xio, int uoffset, struct uio *uio, size_t *sizep); int xio_copy_xtou(xio_t xio, int uoffset, void *uptr, int bytes); int xio_copy_xtok(xio_t xio, int uoffset, void *kptr, int bytes); int xio_copy_utox(xio_t xio, int uoffset, const void *uptr, int bytes); diff --git a/sys/vfs/fdesc/fdesc_vnops.c b/sys/vfs/fdesc/fdesc_vnops.c index bec43dd3ad..c39e694574 100644 --- a/sys/vfs/fdesc/fdesc_vnops.c +++ b/sys/vfs/fdesc/fdesc_vnops.c @@ -433,10 +433,9 @@ fdesc_readdir(struct vop_readdir_args *ap) if (VTOFDESC(ap->a_vp)->fd_type != Froot) panic("fdesc_readdir: not dir"); - if (uio->uio_offset < 0 || uio->uio_offset > INT_MAX || - uio->uio_resid < 0) + if (uio->uio_offset < 0 || uio->uio_offset > INT_MAX) return(EINVAL); - i = uio->uio_offset; + i = (int)uio->uio_offset; KKASSERT(uio->uio_td->td_proc); fdp = uio->uio_td->td_proc->p_fd; error = 0; diff --git a/sys/vfs/hammer/hammer_vnops.c b/sys/vfs/hammer/hammer_vnops.c index 1dd058f666..6f87188bf6 100644 --- a/sys/vfs/hammer/hammer_vnops.c +++ b/sys/vfs/hammer/hammer_vnops.c @@ -405,7 +405,7 @@ hammer_vop_write(struct vop_write_args *ap) return (EFBIG); } base_offset = uio->uio_offset + uio->uio_resid; /* work around gcc-4 */ - if (uio->uio_resid > 0 && base_offset <= 0) { + if (uio->uio_resid > 0 && base_offset <= uio->uio_offset) { hammer_done_transaction(&trans); return (EFBIG); } diff --git a/sys/vfs/hpfs/hpfs_vnops.c b/sys/vfs/hpfs/hpfs_vnops.c index ea88ca53f7..ac82c726cf 100644 --- a/sys/vfs/hpfs/hpfs_vnops.c +++ b/sys/vfs/hpfs/hpfs_vnops.c 
@@ -306,14 +306,17 @@ hpfs_read(struct vop_read_args *ap) int runl; int error = 0; - resid = min (uio->uio_resid, hp->h_fn.fn_size - uio->uio_offset); + resid = (int)szmin(uio->uio_resid, hp->h_fn.fn_size - uio->uio_offset); - dprintf(("hpfs_read(0x%x, off: %d resid: %d, segflg: %d): [resid: 0x%x]\n",hp->h_no,(u_int32_t)uio->uio_offset,uio->uio_resid,uio->uio_segflg, resid)); + dprintf(("hpfs_read(0x%x, off: %d resid: %d, segflg: %d): " + "[resid: 0x%lx]\n", + hp->h_no, (u_int32_t)uio->uio_offset, + uio->uio_resid, uio->uio_segflg, resid)); while (resid) { lbn = uio->uio_offset >> DEV_BSHIFT; off = uio->uio_offset & (DEV_BSIZE - 1); - dprintf(("hpfs_read: resid: 0x%x lbn: 0x%x off: 0x%x\n", + dprintf(("hpfs_read: resid: 0x%lx lbn: 0x%x off: 0x%x\n", uio->uio_resid, lbn, off)); error = hpfs_hpbmap(hp, lbn, &bn, &runl); if (error) @@ -333,7 +336,7 @@ hpfs_read(struct vop_read_args *ap) break; } - error = uiomove(bp->b_data + off, toread - off, uio); + error = uiomove(bp->b_data + off, (size_t)(toread - off), uio); if(error) { brelse(bp); break; @@ -362,7 +365,9 @@ hpfs_write(struct vop_write_args *ap) int runl; int error = 0; - dprintf(("hpfs_write(0x%x, off: %d resid: %d, segflg: %d):\n",hp->h_no,(u_int32_t)uio->uio_offset,uio->uio_resid,uio->uio_segflg)); + dprintf(("hpfs_write(0x%x, off: %d resid: %ld, segflg: %d):\n", + hp->h_no, (u_int32_t)uio->uio_offset, + uio->uio_resid, uio->uio_segflg)); if (ap->a_ioflag & IO_APPEND) { dprintf(("hpfs_write: APPEND mode\n")); 
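Review bot: The rewritten dprintf in hpfs_read pairs its conversions with the wrong arguments: `resid: %d` now receives `uio->uio_resid`, which this commit makes a size_t, while `[resid: 0x%lx]` receives the local `resid`, which is assigned from an `(int)` cast two lines above. It looks as if the `l` modifier landed on the wrong conversion; `"resid: %lu, segflg: %d): [resid: 0x%x]\n"` would match the arguments under the commit's size_t == unsigned long assumption. The other `%lx`/`%ld` conversions added for uio_resid in hpfs and ntfs rest on that same assumption, and the NCPVNDEBUG and SMBVDEBUG context lines in nwfs_io.c and smbfs_io.c still print `uiop->uio_resid` with `%d`. These look like debug-only paths, but a mismatched variadic argument is undefined behaviour wherever they are compiled in.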
@@ -379,13 +384,14 @@ hpfs_write(struct vop_write_args *ap) while (uio->uio_resid) { lbn = uio->uio_offset >> DEV_BSHIFT; off = uio->uio_offset & (DEV_BSIZE - 1); - dprintf(("hpfs_write: resid: 0x%x lbn: 0x%x off: 0x%x\n", + dprintf(("hpfs_write: resid: 0x%lx lbn: 0x%x off: 0x%x\n", uio->uio_resid, lbn, off)); error = hpfs_hpbmap(hp, lbn, &bn, &runl); if (error) return (error); - towrite = min(off + uio->uio_resid, min(DFLTPHYS, (runl+1)*DEV_BSIZE)); + towrite = szmin(off + uio->uio_resid, + min(DFLTPHYS, (runl+1)*DEV_BSIZE)); xfersz = (towrite + DEV_BSIZE - 1) & ~(DEV_BSIZE - 1); dprintf(("hpfs_write: bn: 0x%x (0x%x) towrite: 0x%x (0x%x)\n", bn, runl, towrite, xfersz)); @@ -410,7 +416,7 @@ hpfs_write(struct vop_write_args *ap) } } - error = uiomove(bp->b_data + off, towrite - off, uio); + error = uiomove(bp->b_data + off, (size_t)(towrite - off), uio); if(error) { brelse(bp); return (error); @@ -801,7 +807,7 @@ hpfs_de_uiomove(int *error, struct hpfsmount *hpmp, struct hpfsdirent *dep, (dep->de_flag & DE_DIR) ? DT_DIR : DT_REG, dep->de_namelen, convname); - dprintf(("[0x%x] ", uio->uio_resid)); + dprintf(("[0x%lx] ", uio->uio_resid)); return (success); } @@ -826,7 +832,8 @@ hpfs_readdir(struct vop_readdir_args *ap) lsn_t lsn; int level; - dprintf(("hpfs_readdir(0x%x, 0x%x, 0x%x): ",hp->h_no,(u_int32_t)uio->uio_offset,uio->uio_resid)); + dprintf(("hpfs_readdir(0x%x, 0x%x, 0x%lx): ", + hp->h_no, (u_int32_t)uio->uio_offset, uio->uio_resid)); /* * As we need to fake up . and .., and the remaining directory structure diff --git a/sys/vfs/isofs/cd9660/cd9660_vnops.c b/sys/vfs/isofs/cd9660/cd9660_vnops.c index fdf6b02dc6..82392931f8 100644 --- a/sys/vfs/isofs/cd9660/cd9660_vnops.c +++ b/sys/vfs/isofs/cd9660/cd9660_vnops.c 
@@ -314,8 +314,8 @@ cd9660_read(struct vop_read_args *ap) lbn = lblkno(imp, uio->uio_offset); loffset = lblktooff(imp, lbn); on = blkoff(imp, uio->uio_offset); - n = min((u_int)(imp->logical_block_size - on), - uio->uio_resid); + n = szmin((u_int)(imp->logical_block_size - on), + uio->uio_resid); diff = (off_t)ip->i_size - uio->uio_offset; if (diff <= 0) return (0); @@ -325,13 +325,15 @@ cd9660_read(struct vop_read_args *ap) rablock = lbn + 1; raoffset = lblktooff(imp, rablock); if ((vp->v_mount->mnt_flag & MNT_NOCLUSTERR) == 0) { - if (raoffset < ip->i_size) + if (raoffset < ip->i_size) { error = cluster_read(vp, (off_t)ip->i_size, - loffset, size, - uio->uio_resid, - (ap->a_ioflag >> 16), &bp); - else + loffset, size, + uio->uio_resid, + (ap->a_ioflag >> 16), + &bp); + } else { error = bread(vp, loffset, size, &bp); + } } else { if (seqcount > 1 && lblktosize(imp, rablock) < ip->i_size) { @@ -341,7 +343,7 @@ cd9660_read(struct vop_read_args *ap) } else error = bread(vp, loffset, size, &bp); } - n = min(n, size - bp->b_resid); + n = imin(n, size - bp->b_resid); if (error) { brelse(bp); return (error); diff --git a/sys/vfs/msdosfs/msdosfs_vnops.c b/sys/vfs/msdosfs/msdosfs_vnops.c index 131b2b2be0..14e54db681 100644 --- a/sys/vfs/msdosfs/msdosfs_vnops.c +++ b/sys/vfs/msdosfs/msdosfs_vnops.c @@ -543,7 +543,7 @@ msdosfs_read(struct vop_read_args *ap) int error = 0; int blsize; int isadir; - int orig_resid; + size_t orig_resid; u_int n; u_long diff; u_long on; @@ -568,7 +568,7 @@ msdosfs_read(struct vop_read_args *ap) * If they didn't ask for any data, then we are done. */ orig_resid = uio->uio_resid; - if (orig_resid <= 0) + if (orig_resid == 0) return (0); seqcount = ap->a_ioflag >> IO_SEQSHIFT; 
@@ -621,14 +621,14 @@ msdosfs_read(struct vop_read_args *ap) } on = uio->uio_offset & pmp->pm_crbomask; diff = pmp->pm_bpcluster - on; - n = diff > uio->uio_resid ? uio->uio_resid : diff; + n = szmin(uio->uio_resid, diff); diff = dep->de_FileSize - uio->uio_offset; if (diff < n) n = diff; diff = blsize - bp->b_resid; if (diff < n) n = diff; - error = uiomove(bp->b_data + on, (int) n, uio); + error = uiomove(bp->b_data + on, (size_t)n, uio); brelse(bp); } while (error == 0 && uio->uio_resid > 0 && n != 0); if (!isadir && (error == 0 || uio->uio_resid != orig_resid) && @@ -648,7 +648,7 @@ msdosfs_write(struct vop_write_args *ap) { int n; int croffset; - int resid; + size_t resid; u_long osize; int error = 0; u_long count; @@ -699,6 +699,8 @@ msdosfs_write(struct vop_write_args *ap) return (EFBIG); } + if ((uoff_t)uio->uio_offset > DOS_FILESIZE_MAX) + return (EFBIG); if ((uoff_t)uio->uio_offset + uio->uio_resid > DOS_FILESIZE_MAX) return (EFBIG); @@ -741,7 +743,7 @@ msdosfs_write(struct vop_write_args *ap) } croffset = uio->uio_offset & pmp->pm_crbomask; - n = min(uio->uio_resid, pmp->pm_bpcluster - croffset); + n = (int)szmin(uio->uio_resid, pmp->pm_bpcluster - croffset); if (uio->uio_offset + n > dep->de_FileSize) { dep->de_FileSize = uio->uio_offset + n; /* The object size needs to be set before buffer is allocated */ @@ -809,7 +811,7 @@ msdosfs_write(struct vop_write_args *ap) /* * Copy the data from user space into the buf header. */ - error = uiomove(bp->b_data + croffset, n, uio); + error = uiomove(bp->b_data + croffset, (size_t)n, uio); if (error) { brelse(bp); break; @@ -1667,7 +1669,7 @@ msdosfs_readdir(struct vop_readdir_args *ap) while (uio->uio_resid > 0) { lbn = de_off2cn(pmp, offset - bias); on = (offset - bias) & pmp->pm_crbomask; - n = min(pmp->pm_bpcluster - on, uio->uio_resid); + n = szmin(pmp->pm_bpcluster - on, uio->uio_resid); diff = dep->de_FileSize - (offset - bias); if (diff <= 0) break; 
diff --git a/sys/vfs/nfs/nfs_bio.c b/sys/vfs/nfs/nfs_bio.c index 7f92d7d1a0..b23d6a13f2 100644 --- a/sys/vfs/nfs/nfs_bio.c +++ b/sys/vfs/nfs/nfs_bio.c @@ -171,7 +171,7 @@ nfs_getpages(struct vop_getpages_args *ap) error = nfs_readrpc_uio(vp, &uio); msf_buf_free(msf); - if (error && (uio.uio_resid == count)) { + if (error && ((int)uio.uio_resid == count)) { kprintf("nfs_getpages: error %d\n", error); for (i = 0; i < npages; ++i) { if (i != ap->a_reqpage) @@ -186,7 +186,7 @@ nfs_getpages(struct vop_getpages_args *ap) * does not mean that the remaining data is invalid! */ - size = count - uio.uio_resid; + size = count - (int)uio.uio_resid; for (i = 0, toff = 0; i < npages; i++, toff = nextoff) { nextoff = toff + PAGE_SIZE; @@ -304,7 +304,7 @@ nfs_putpages(struct vop_putpages_args *ap) uio.uio_iov = &iov; uio.uio_iovcnt = 1; uio.uio_offset = offset; - uio.uio_resid = count; + uio.uio_resid = (size_t)count; uio.uio_segflg = UIO_SYSSPACE; uio.uio_rw = UIO_WRITE; uio.uio_td = td; @@ -319,7 +319,7 @@ nfs_putpages(struct vop_putpages_args *ap) msf_buf_free(msf); if (!error) { - int nwritten = round_page(count - uio.uio_resid) / PAGE_SIZE; + int nwritten = round_page(count - (int)uio.uio_resid) / PAGE_SIZE; for (i = 0; i < nwritten; i++) { rtvals[i] = VM_PAGER_OK; vm_page_undirty(pages[i]); @@ -515,7 +515,7 @@ again: n = 0; if (on < bcount) - n = min((unsigned)(bcount - on), uio->uio_resid); + n = (int)szmin((unsigned)(bcount - on), uio->uio_resid); break; case VLNK: biosize = min(NFS_MAXPATHLEN, np->n_size); @@ -535,7 +535,7 @@ again: return (error); } } - n = min(uio->uio_resid, bp->b_bcount - bp->b_resid); + n = (int)szmin(uio->uio_resid, bp->b_bcount - bp->b_resid); on = 0; break; case VDIR: 
@@ -649,7 +649,8 @@ again: * in np->n_direofoffset and chop it off as an extra step * right here. */ - n = lmin(uio->uio_resid, NFS_DIRBLKSIZ - bp->b_resid - on); + n = (int)szmin(uio->uio_resid, + NFS_DIRBLKSIZ - bp->b_resid - on); if (np->n_direofoffset && n > np->n_direofoffset - uio->uio_offset) n = np->n_direofoffset - uio->uio_offset; break; @@ -868,7 +869,7 @@ restart: lbn = uio->uio_offset / biosize; on = uio->uio_offset & (biosize-1); loffset = uio->uio_offset - on; - n = min((unsigned)(biosize - on), uio->uio_resid); + n = (int)szmin((unsigned)(biosize - on), uio->uio_resid); again: /* * Handle direct append and file extension cases, calculate @@ -1339,7 +1340,7 @@ nfs_doio(struct vnode *vp, struct bio *bio, struct thread *td) ("nfs_doio: bp %p already marked done!", bp)); if (bp->b_cmd == BUF_CMD_READ) { - io.iov_len = uiop->uio_resid = bp->b_bcount; + io.iov_len = uiop->uio_resid = (size_t)bp->b_bcount; io.iov_base = bp->b_data; uiop->uio_rw = UIO_READ; diff --git a/sys/vfs/ntfs/ntfs_vnops.c b/sys/vfs/ntfs/ntfs_vnops.c index f067aa7340..92a22fcb90 100644 --- a/sys/vfs/ntfs/ntfs_vnops.c +++ b/sys/vfs/ntfs/ntfs_vnops.c @@ -141,7 +141,9 @@ ntfs_read(struct vop_read_args *ap) int resid, off, toread; int error; - dprintf(("ntfs_read: ino: %d, off: %d resid: %d, segflg: %d\n",ip->i_number,(u_int32_t)uio->uio_offset,uio->uio_resid,uio->uio_segflg)); + dprintf(("ntfs_read: ino: %d, off: %d resid: %ld, segflg: %d\n", + ip->i_number, (u_int32_t)uio->uio_offset, + uio->uio_resid, uio->uio_segflg)); dprintf(("ntfs_read: filesize: %d",(u_int32_t)fp->f_size)); @@ -149,7 +151,7 @@ ntfs_read(struct vop_read_args *ap) if (uio->uio_offset > fp->f_size) return (0); - resid = min(uio->uio_resid, fp->f_size - uio->uio_offset); + resid = (int)szmin(uio->uio_resid, fp->f_size - uio->uio_offset); dprintf((", resid: %d\n", resid)); 
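Review bot: Replacing `lmin()` with `szmin()` in the directory case changes the result if `NFS_DIRBLKSIZ - bp->b_resid - on` is ever negative. The old signed minimum would have returned the negative value, whereas szmin (presumably taking size_t arguments) sees a very large number and returns `uio->uio_resid`, which is then narrowed with `(int)`. Whether that can happen depends on how `on` and `b_resid` are bounded earlier in the function, which starts outside this hunk. Stating the invariant before the call would make the conversion safe to read, e.g. `KKASSERT(on + bp->b_resid <= NFS_DIRBLKSIZ);`.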
@@ -388,21 +390,25 @@ ntfs_write(struct vop_write_args *ap) struct ntnode *ip = FTONT(fp); struct uio *uio = ap->a_uio; struct ntfsmount *ntmp = ip->i_mp; - u_int64_t towrite; + size_t towrite; size_t written; int error; - dprintf(("ntfs_write: ino: %d, off: %d resid: %d, segflg: %d\n",ip->i_number,(u_int32_t)uio->uio_offset,uio->uio_resid,uio->uio_segflg)); + dprintf(("ntfs_write: ino: %d, off: %d resid: %ld, segflg: %d\n", + ip->i_number, (u_int32_t)uio->uio_offset, + uio->uio_resid, uio->uio_segflg)); dprintf(("ntfs_write: filesize: %d",(u_int32_t)fp->f_size)); if (uio->uio_resid + uio->uio_offset > fp->f_size) { kprintf("ntfs_write: CAN'T WRITE BEYOND END OF FILE\n"); return (EFBIG); } + if (uio->uio_offset > fp->f_size) + return (EFBIG); - towrite = min(uio->uio_resid, fp->f_size - uio->uio_offset); + towrite = szmin(uio->uio_resid, fp->f_size - uio->uio_offset); - dprintf((", towrite: %d\n",(u_int32_t)towrite)); + dprintf((", towrite: %ld\n", towrite)); error = ntfs_writeattr_plain(ntmp, ip, fp->f_attrtype, fp->f_attrname, uio->uio_offset, towrite, NULL, &written, uio); @@ -544,7 +550,9 @@ ntfs_readdir(struct vop_readdir_args *ap) int ncookies = 0; char convname[NTFS_MAXFILENAME + 1]; - dprintf(("ntfs_readdir %d off: %d resid: %d\n",ip->i_number,(u_int32_t)uio->uio_offset,uio->uio_resid)); + dprintf(("ntfs_readdir %d off: %d resid: %ld\n", + ip->i_number, (u_int32_t)uio->uio_offset, + uio->uio_resid)); if (uio->uio_offset < 0 || uio->uio_offset > INT_MAX) return (EINVAL); @@ -642,8 +650,8 @@ readdone: dprintf(("ntfs_readdir: %d entries (%d bytes) read\n", ncookies,(u_int)(uio->uio_offset - off))); - dprintf(("ntfs_readdir: off: %d resid: %d\n", - (u_int32_t)uio->uio_offset,uio->uio_resid)); + dprintf(("ntfs_readdir: off: %d resid: %ld\n", + (u_int32_t)uio->uio_offset, uio->uio_resid)); if (!error && ap->a_ncookies != NULL) { off_t *cookies; diff --git a/sys/vfs/nwfs/nwfs_io.c b/sys/vfs/nwfs/nwfs_io.c index 1f373b9a1b..f56efab6cf 100644 
--- a/sys/vfs/nwfs/nwfs_io.c +++ b/sys/vfs/nwfs/nwfs_io.c @@ -79,7 +79,7 @@ static int nwfs_readvdir(struct vnode *vp, struct uio *uio, struct ucred *cred) { struct nwmount *nmp = VTONWFS(vp); - int error, count, i; + int error, i; struct nwnode *np; struct nw_entry_info fattr; struct vnode *newvp; @@ -91,11 +91,10 @@ nwfs_readvdir(struct vnode *vp, struct uio *uio, struct ucred *cred) np = VTONW(vp); NCPVNDEBUG("dirname='%s'\n",np->n_name); - if (uio->uio_resid < 0 || uio->uio_offset < 0 || uio->uio_offset > INT_MAX) + if (uio->uio_offset < 0 || uio->uio_offset > INT_MAX) return (EINVAL); error = 0; - count = 0; - i = uio->uio_offset; /* offset in directory */ + i = (int)uio->uio_offset; /* offset in directory */ if (i == 0) { error = ncp_initsearch(vp, uio->uio_td, cred); if (error) { @@ -175,8 +174,6 @@ nwfs_readvnode(struct vnode *vp, struct uio *uiop, struct ucred *cred) } if (uiop->uio_resid == 0) return 0; if (uiop->uio_offset < 0) return EINVAL; -/* if (uiop->uio_offset + uiop->uio_resid > nmp->nm_maxfilesize) - return (EFBIG);*/ td = uiop->uio_td; if (vp->v_type == VDIR) { error = nwfs_readvdir(vp, uiop, cred); @@ -217,8 +214,6 @@ nwfs_writevnode(struct vnode *vp, struct uio *uiop, struct ucred *cred, } NCPVNDEBUG("ofs=%d,resid=%d\n",(int)uiop->uio_offset, uiop->uio_resid); if (uiop->uio_offset < 0) return EINVAL; -/* if (uiop->uio_offset + uiop->uio_resid > nmp->nm_maxfilesize) - return (EFBIG);*/ td = uiop->uio_td; if (ioflag & (IO_APPEND | IO_SYNC)) { if (np->n_flag & NMODIFIED) { @@ -278,7 +273,7 @@ nwfs_doio(struct vnode *vp, struct bio *bio, struct ucred *cr, struct thread *td uiop->uio_td = td; if (bp->b_cmd == BUF_CMD_READ) { - io.iov_len = uiop->uio_resid = bp->b_bcount; + io.iov_len = uiop->uio_resid = (size_t)bp->b_bcount; io.iov_base = bp->b_data; uiop->uio_rw = UIO_READ; switch (vp->v_type) { 
@@ -288,10 +283,10 @@ nwfs_doio(struct vnode *vp, struct bio *bio, struct ucred *cr, struct thread *td if (error) break; if (uiop->uio_resid) { - int left = uiop->uio_resid; - int nread = bp->b_bcount - left; + size_t left = uiop->uio_resid; + size_t nread = bp->b_bcount - left; if (left > 0) - bzero((char *)bp->b_data + nread, left); + bzero((char *)bp->b_data + nread, left); } break; /* case VDIR: @@ -304,7 +299,7 @@ nwfs_doio(struct vnode *vp, struct bio *bio, struct ucred *cr, struct thread *td } if ((nmp->nm_flag & NFSMNT_RDIRPLUS) == 0) error = nfs_readdirrpc(vp, uiop, cr); - if (error == 0 && uiop->uio_resid == bp->b_bcount) + if (error == 0 && uiop->uio_resid == (size_t)bp->b_bcount) bp->b_flags |= B_INVAL; break; */ @@ -322,7 +317,8 @@ nwfs_doio(struct vnode *vp, struct bio *bio, struct ucred *cr, struct thread *td bp->b_dirtyend = np->n_size - bio->bio_offset; if (bp->b_dirtyend > bp->b_dirtyoff) { - io.iov_len = uiop->uio_resid = bp->b_dirtyend - bp->b_dirtyoff; + io.iov_len = uiop->uio_resid = + (size_t)(bp->b_dirtyend - bp->b_dirtyoff); uiop->uio_offset = bio->bio_offset + bp->b_dirtyoff; io.iov_base = (char *)bp->b_data + bp->b_dirtyoff; uiop->uio_rw = UIO_WRITE; @@ -364,7 +360,7 @@ nwfs_doio(struct vnode *vp, struct bio *bio, struct ucred *cr, struct thread *td return (0); } } - bp->b_resid = uiop->uio_resid; + bp->b_resid = (int)uiop->uio_resid; biodone(bio); return (error); } @@ -383,7 +379,10 @@ nwfs_getpages(struct vop_getpages_args *ap) return vnode_pager_generic_getpages(ap->a_vp, ap->a_m, ap->a_count, ap->a_reqpage); #else - int i, error, nextoff, size, toff, npages, count; + int i, error, npages; + size_t nextoff, toff; + size_t count; + size_t size; struct uio uio; struct iovec iov; vm_offset_t kva; 
@@ -402,7 +401,7 @@ nwfs_getpages(struct vop_getpages_args *ap) np = VTONW(vp); nmp = VFSTONWFS(vp->v_mount); pages = ap->a_m; - count = ap->a_count; + count = (size_t)ap->a_count; if (vp->v_object == NULL) { kprintf("nwfs_getpages: called with non-merged cache vnode??\n"); diff --git a/sys/vfs/procfs/procfs_mem.c b/sys/vfs/procfs/procfs_mem.c index 9d1426e468..f62a6ead4b 100644 --- a/sys/vfs/procfs/procfs_mem.c +++ b/sys/vfs/procfs/procfs_mem.c @@ -126,7 +126,7 @@ procfs_rwmem(struct proc *curp, struct proc *p, struct uio *uio) /* * How many bytes to copy */ - len = min(PAGE_SIZE - page_offset, uio->uio_resid); + len = szmin(PAGE_SIZE - page_offset, uio->uio_resid); /* * Fault the page on behalf of the process diff --git a/sys/vfs/procfs/procfs_rlimit.c b/sys/vfs/procfs/procfs_rlimit.c index 811f499e97..c2b015716b 100644 --- a/sys/vfs/procfs/procfs_rlimit.c +++ b/sys/vfs/procfs/procfs_rlimit.c @@ -61,16 +61,15 @@ procfs_dorlimit(struct proc *curp, struct lwp *lp, struct pfsnode *pfs, struct uio *uio) { struct proc *p = lp->lwp_proc; + size_t xlen; char *ps; - int i; - int xlen; int error; + int i; char psbuf[512]; /* XXX - conservative */ if (uio->uio_rw != UIO_READ) return (EOPNOTSUPP); - ps = psbuf; for (i = 0; i < RLIM_NLIMITS; i++) { @@ -114,10 +113,10 @@ procfs_dorlimit(struct proc *curp, struct lwp *lp, struct pfsnode *pfs, */ xlen = ps - psbuf; - xlen -= uio->uio_offset; - ps = psbuf + uio->uio_offset; - xlen = imin(xlen, uio->uio_resid); - if (xlen <= 0) + xlen -= (size_t)uio->uio_offset; + ps = psbuf + (size_t)uio->uio_offset; + xlen = szmin(xlen, uio->uio_resid); + if (xlen == 0) error = 0; else error = uiomove_frombuf(psbuf, xlen, uio); diff --git a/sys/vfs/procfs/procfs_status.c b/sys/vfs/procfs/procfs_status.c index 9a42620eef..a246e004c3 100644 --- a/sys/vfs/procfs/procfs_status.c +++ b/sys/vfs/procfs/procfs_status.c 
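Review bot: With `xlen` now a size_t, `xlen -= (size_t)uio->uio_offset` in procfs_dorlimit wraps to a huge value when the caller's offset lies past the end of the formatted text, and the new `xlen == 0` test no longer catches what `xlen <= 0` caught for the signed value. `szmin()` then returns `uio->uio_resid`, so `uiomove_frombuf(psbuf, xlen, uio)` is called with a length unrelated to what was written into the 512-byte `psbuf`. Depending on how uiomove_frombuf bounds the copy (its body is not in this hunk), that could expose adjacent kernel stack contents to the reader. Clamp before subtracting, e.g. `if (uio->uio_offset < 0 || (size_t)uio->uio_offset >= xlen) xlen = 0; else xlen = szmin(xlen - (size_t)uio->uio_offset, uio->uio_resid);`. procfs_dostatus and procfs_docmdline in procfs_status.c perform the same unsigned subtraction (`xlen -= ...` and `buflen -= ...`) and need the same guard.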
@@ -69,8 +69,8 @@ procfs_dostatus(struct proc *curp, struct lwp *lp, struct pfsnode *pfs, char *ps; char *sep; int pid, ppid, pgid, sid; + size_t xlen; int i; - int xlen; int error; char psbuf[256]; /* XXX - conservative */ @@ -168,10 +168,10 @@ procfs_dostatus(struct proc *curp, struct lwp *lp, struct pfsnode *pfs, DOCHECK(); xlen = ps - psbuf; - xlen -= uio->uio_offset; + xlen -= (size_t)uio->uio_offset; ps = psbuf + uio->uio_offset; - xlen = imin(xlen, uio->uio_resid); - if (xlen <= 0) + xlen = szmin(xlen, uio->uio_resid); + if (xlen == 0) error = 0; else error = uiomove_frombuf(ps, xlen, uio); @@ -188,14 +188,13 @@ procfs_docmdline(struct proc *curp, struct lwp *lp, struct pfsnode *pfs, { struct proc *p = lp->lwp_proc; char *ps; - int xlen; int error; char *buf, *bp; - int buflen; struct ps_strings pstr; char **ps_argvstr; int i; size_t bytes_left, done; + size_t buflen, xlen; if (uio->uio_rw != UIO_READ) return (EOPNOTSUPP); @@ -260,10 +259,10 @@ procfs_docmdline(struct proc *curp, struct lwp *lp, struct pfsnode *pfs, FREE(ps_argvstr, M_TEMP); } - buflen -= uio->uio_offset; - ps = bp + uio->uio_offset; - xlen = min(buflen, uio->uio_resid); - if (xlen <= 0) + buflen -= (size_t)uio->uio_offset; + ps = bp + (size_t)uio->uio_offset; + xlen = szmin(buflen, uio->uio_resid); + if (xlen == 0) error = 0; else error = uiomove_frombuf(bp, buflen, uio); diff --git a/sys/vfs/smbfs/smbfs_io.c b/sys/vfs/smbfs/smbfs_io.c index e6c2048584..d6b7340f47 100644 --- a/sys/vfs/smbfs/smbfs_io.c +++ b/sys/vfs/smbfs/smbfs_io.c 
@@ -83,14 +83,13 @@ smbfs_readvdir(struct vnode *vp, struct uio *uio, struct ucred *cred) struct smbfs_fctx *ctx; struct vnode *newvp; struct smbnode *np; - int error, offset, retval/*, *eofflag = ap->a_eofflag*/; + int error, offset, retval; np = VTOSMB(vp); SMBVDEBUG("dirname='%s'\n", np->n_name); smb_makescred(&scred, uio->uio_td, cred); - if (uio->uio_resid < 0 || uio->uio_offset < 0 || - uio->uio_offset > INT_MAX) + if (uio->uio_offset < 0 || uio->uio_offset > INT_MAX) return(EINVAL); error = 0; @@ -199,8 +198,6 @@ smbfs_readvnode(struct vnode *vp, struct uio *uiop, struct ucred *cred) return 0; if (uiop->uio_offset < 0) return EINVAL; -/* if (uiop->uio_offset + uiop->uio_resid > smp->nm_maxfilesize) - return EFBIG;*/ td = uiop->uio_td; if (vp->v_type == VDIR) { lks = LK_EXCLUSIVE;/*lockstatus(&vp->v_lock, td);*/ @@ -251,8 +248,6 @@ smbfs_writevnode(struct vnode *vp, struct uio *uiop, SMBVDEBUG("ofs=%d,resid=%d\n",(int)uiop->uio_offset, uiop->uio_resid); if (uiop->uio_offset < 0) return EINVAL; -/* if (uiop->uio_offset + uiop->uio_resid > smp->nm_maxfilesize) - return (EFBIG);*/ td = uiop->uio_td; if (ioflag & (IO_APPEND | IO_SYNC)) { if (np->n_flag & NMODIFIED) { @@ -315,7 +310,7 @@ smbfs_doio(struct vnode *vp, struct bio *bio, struct ucred *cr, struct thread *t smb_makescred(&scred, td, cr); if (bp->b_cmd == BUF_CMD_READ) { - io.iov_len = uiop->uio_resid = bp->b_bcount; + io.iov_len = uiop->uio_resid = (size_t)bp->b_bcount; io.iov_base = bp->b_data; uiop->uio_rw = UIO_READ; switch (vp->v_type) { @@ -325,10 +320,10 @@ smbfs_doio(struct vnode *vp, struct bio *bio, struct ucred *cr, struct thread *t if (error) break; if (uiop->uio_resid) { - int left = uiop->uio_resid; - int nread = bp->b_bcount - left; + size_t left = uiop->uio_resid; + size_t nread = (size_t)bp->b_bcount - left; if (left > 0) - bzero((char *)bp->b_data + nread, left); + bzero((char *)bp->b_data + nread, left); } break; default: 
@@ -345,7 +340,8 @@ smbfs_doio(struct vnode *vp, struct bio *bio, struct ucred *cr, struct thread *t bp->b_dirtyend = np->n_size - bio->bio_offset; if (bp->b_dirtyend > bp->b_dirtyoff) { - io.iov_len = uiop->uio_resid = bp->b_dirtyend - bp->b_dirtyoff; + io.iov_len = uiop->uio_resid = + (size_t)(bp->b_dirtyend - bp->b_dirtyoff); uiop->uio_offset = bio->bio_offset + bp->b_dirtyoff; io.iov_base = (char *)bp->b_data + bp->b_dirtyoff; uiop->uio_rw = UIO_WRITE; @@ -404,8 +400,9 @@ smbfs_getpages(struct vop_getpages_args *ap) #ifdef SMBFS_RWGENERIC return vop_stdgetpages(ap); #else - int i, error, nextoff, size, toff, npages, count; + int i, error, npages; int doclose; + size_t size, toff, nextoff, count; struct uio uio; struct iovec iov; vm_offset_t kva; @@ -425,7 +422,7 @@ smbfs_getpages(struct vop_getpages_args *ap) np = VTOSMB(vp); smp = VFSTOSMBFS(vp->v_mount); pages = ap->a_m; - count = ap->a_count; + count = (size_t)ap->a_count; if (vp->v_object == NULL) { kprintf("smbfs_getpages: called with non-merged cache vnode??\n"); diff --git a/sys/vfs/userfs/userfs_vnops.c b/sys/vfs/userfs/userfs_vnops.c index c898b10aa0..fcfe81b03c 100644 --- a/sys/vfs/userfs/userfs_vnops.c +++ b/sys/vfs/userfs/userfs_vnops.c @@ -233,8 +233,9 @@ user_vop_write (struct vop_write_args *ap) struct buf *bp; struct uio *uio; int error; - int offset; - int n; + off_t loffset; + size_t offset; + size_t n; vp = ap->a_vp; ip = vp->v_data; @@ -249,8 +250,15 @@ user_vop_write (struct vop_write_args *ap) /* * Check for illegal write offsets. Valid range is 0...2^63-1 */ - if (uio->uio_offset < 0 || uio->uio_offset + uio->uio_resid <= 0) + loffset = uio->uio_offset; + if (loffset < 0) return (EFBIG); + if (uio->uio_resid) { + /* GCC4 - workaround optimization */ + loffset += uio->uio_resid; + if (loffset <= 0) + return (EFBIG); + } kprintf("userfs_write\n"); error = 0; 
@@ -264,7 +272,7 @@ user_vop_write (struct vop_write_args *ap) * * XXX No need to read if strictly appending. */ - offset = (int)uio->uio_offset & USERFS_BMASK; + offset = (size_t)uio->uio_offset & USERFS_BMASK; /* if offset == ip->filesize use getblk instead */ error = bread(vp, uio->uio_offset - offset, USERFS_BSIZE, &bp); if (error) { @@ -279,7 +287,7 @@ user_vop_write (struct vop_write_args *ap) if (n > uio->uio_resid) n = uio->uio_resid; if (n > ip->filesize - uio->uio_offset) - n = (int)(ip->filesize - uio->uio_offset); + n = (size_t)(ip->filesize - uio->uio_offset); error = uiomove((char *)bp->b_data + offset, n, uio); if (error) { diff --git a/sys/vm/vm_extern.h b/sys/vm/vm_extern.h index 34837e7ea4..4729729d7c 100644 --- a/sys/vm/vm_extern.h +++ b/sys/vm/vm_extern.h @@ -74,7 +74,7 @@ int swapon (struct proc *, void *, int *); #endif int grow (struct proc *, size_t); -int grow_stack (struct proc *, size_t); +int grow_stack (struct proc *, vm_offset_t); int kernacc(c_caddr_t, int, int); vm_offset_t kmem_alloc3 (vm_map_t, vm_size_t, int flags); vm_offset_t kmem_alloc_nofault (vm_map_t, vm_size_t); diff --git a/sys/vm/vm_mmap.c b/sys/vm/vm_mmap.c index 8693e10e02..0f7df62b3c 100644 --- a/sys/vm/vm_mmap.c +++ b/sys/vm/vm_mmap.c @@ -154,6 +154,7 @@ kern_mmap(struct vmspace *vms, caddr_t uaddr, size_t ulen, struct file *fp = NULL; struct vnode *vp; vm_offset_t addr; + vm_offset_t tmpaddr; vm_size_t size, pageoff; vm_prot_t prot, maxprot; void *handle; @@ -170,8 +171,12 @@ kern_mmap(struct vmspace *vms, caddr_t uaddr, size_t ulen, flags = uflags; pos = upos; - /* make sure mapping fits into numeric range etc */ - if ((ssize_t) ulen < 0 || ((flags & MAP_ANON) && fd != -1)) + /* + * Make sure mapping fits into numeric range etc. + * + * NOTE: We support the full unsigned range for size now. + */ + if (((flags & MAP_ANON) && fd != -1)) return (EINVAL); if (flags & MAP_STACK) { 
@@ -209,6 +214,8 @@ kern_mmap(struct vmspace *vms, caddr_t uaddr, size_t ulen, /* Adjust size for rounding (on both ends). */ size += pageoff; /* low end... */ size = (vm_size_t) round_page(size); /* hi end */ + if (size < ulen) /* wrap */ + return(EINVAL); /* * Check for illegal addresses. Watch out for address wrap... Note @@ -223,13 +230,17 @@ kern_mmap(struct vmspace *vms, caddr_t uaddr, size_t ulen, addr -= pageoff; if (addr & PAGE_MASK) return (EINVAL); - /* Address range must be all in user VM space. */ - if (VM_MAX_USER_ADDRESS > 0 && addr + size > VM_MAX_USER_ADDRESS) + + /* + * Address range must be all in user VM space and not wrap. + */ + tmpaddr = addr + size; + if (tmpaddr < addr) + return (EINVAL); + if (VM_MAX_USER_ADDRESS > 0 && tmpaddr > VM_MAX_USER_ADDRESS) return (EINVAL); if (VM_MIN_USER_ADDRESS > 0 && addr < VM_MIN_USER_ADDRESS) return (EINVAL); - if (addr + size < addr) - return (EINVAL); } else { /* * Set a reasonable start point for the hint if it was @@ -399,7 +410,7 @@ kern_mmap(struct vmspace *vms, caddr_t uaddr, size_t ulen, } error = vm_mmap(&vms->vm_map, &addr, size, prot, maxprot, - flags, handle, pos); + flags, handle, pos); if (error == 0) *res = (void *)(addr + pageoff); done: @@ -421,13 +432,14 @@ sys_mmap(struct mmap_args *uap) } /* - * msync_args(void *addr, int len, int flags) + * msync_args(void *addr, size_t len, int flags) */ int sys_msync(struct msync_args *uap) { struct proc *p = curproc; vm_offset_t addr; + vm_offset_t tmpaddr; vm_size_t size, pageoff; int flags; vm_map_t map; @@ -441,7 +453,10 @@ sys_msync(struct msync_args *uap) addr -= pageoff; size += pageoff; size = (vm_size_t) round_page(size); - if (addr + size < addr) + if (size < uap->len) /* wrap */ + return(EINVAL); + tmpaddr = addr + size; /* workaround gcc4 opt */ + if (tmpaddr < addr) /* wrap */ return(EINVAL); if ((flags & (MS_ASYNC|MS_INVALIDATE)) == (MS_ASYNC|MS_INVALIDATE)) 
@@ -496,6 +511,7 @@ sys_munmap(struct munmap_args *uap) { struct proc *p = curproc; vm_offset_t addr; + vm_offset_t tmpaddr; vm_size_t size, pageoff; vm_map_t map; @@ -506,7 +522,10 @@ sys_munmap(struct munmap_args *uap) addr -= pageoff; size += pageoff; size = (vm_size_t) round_page(size); - if (addr + size < addr) + if (size < uap->len) /* wrap */ + return(EINVAL); + tmpaddr = addr + size; /* workaround gcc4 opt */ + if (tmpaddr < addr) /* wrap */ return(EINVAL); if (size == 0) @@ -516,7 +535,7 @@ sys_munmap(struct munmap_args *uap) * Check for illegal addresses. Watch out for address wrap... Note * that VM_*_ADDRESS are not constants due to casts (argh). */ - if (VM_MAX_USER_ADDRESS > 0 && addr + size > VM_MAX_USER_ADDRESS) + if (VM_MAX_USER_ADDRESS > 0 && tmpaddr > VM_MAX_USER_ADDRESS) return (EINVAL); if (VM_MIN_USER_ADDRESS > 0 && addr < VM_MIN_USER_ADDRESS) return (EINVAL); @@ -539,6 +558,7 @@ sys_mprotect(struct mprotect_args *uap) { struct proc *p = curproc; vm_offset_t addr; + vm_offset_t tmpaddr; vm_size_t size, pageoff; vm_prot_t prot; @@ -554,7 +574,10 @@ sys_mprotect(struct mprotect_args *uap) addr -= pageoff; size += pageoff; size = (vm_size_t) round_page(size); - if (addr + size < addr) + if (size < uap->len) /* wrap */ + return(EINVAL); + tmpaddr = addr + size; /* workaround gcc4 opt */ + if (tmpaddr < addr) /* wrap */ return(EINVAL); switch (vm_map_protect(&p->p_vmspace->vm_map, addr, addr + size, prot, @@ -575,6 +598,7 @@ sys_minherit(struct minherit_args *uap) { struct proc *p = curproc; vm_offset_t addr; + vm_offset_t tmpaddr; vm_size_t size, pageoff; vm_inherit_t inherit; @@ -586,7 +610,10 @@ sys_minherit(struct minherit_args *uap) addr -= pageoff; size += pageoff; size = (vm_size_t) round_page(size); - if (addr + size < addr) + if (size < uap->len) /* wrap */ + return(EINVAL); + tmpaddr = addr + size; /* workaround gcc4 opt */ + if (tmpaddr < addr) /* wrap */ return(EINVAL); switch (vm_map_inherit(&p->p_vmspace->vm_map, addr, addr+size, 
@@ -608,6 +635,7 @@ sys_madvise(struct madvise_args *uap) { struct proc *p = curproc; vm_offset_t start, end; + vm_offset_t tmpaddr = (vm_offset_t)uap->addr + uap->len; /* * Check for illegal behavior @@ -618,23 +646,22 @@ sys_madvise(struct madvise_args *uap) * Check for illegal addresses. Watch out for address wrap... Note * that VM_*_ADDRESS are not constants due to casts (argh). */ - if (VM_MAX_USER_ADDRESS > 0 && - ((vm_offset_t) uap->addr + uap->len) > VM_MAX_USER_ADDRESS) + if (tmpaddr < (vm_offset_t)uap->addr) return (EINVAL); - if (VM_MIN_USER_ADDRESS > 0 && uap->addr < VM_MIN_USER_ADDRESS) + if (VM_MAX_USER_ADDRESS > 0 && tmpaddr > VM_MAX_USER_ADDRESS) return (EINVAL); - if (((vm_offset_t) uap->addr + uap->len) < (vm_offset_t) uap->addr) + if (VM_MIN_USER_ADDRESS > 0 && uap->addr < VM_MIN_USER_ADDRESS) return (EINVAL); /* * Since this routine is only advisory, we default to conservative * behavior. */ - start = trunc_page((vm_offset_t) uap->addr); - end = round_page((vm_offset_t) uap->addr + uap->len); + start = trunc_page((vm_offset_t)uap->addr); + end = round_page(tmpaddr); return (vm_map_madvise(&p->p_vmspace->vm_map, start, end, - uap->behav, 0)); + uap->behav, 0)); } /* @@ -646,6 +673,7 @@ sys_mcontrol(struct mcontrol_args *uap) { struct proc *p = curproc; vm_offset_t start, end; + vm_offset_t tmpaddr = (vm_offset_t)uap->addr + uap->len; /* * Check for illegal behavior 
@@ -656,23 +684,22 @@ sys_mcontrol(struct mcontrol_args *uap) * Check for illegal addresses. Watch out for address wrap... Note * that VM_*_ADDRESS are not constants due to casts (argh). */ - if (VM_MAX_USER_ADDRESS > 0 && - ((vm_offset_t) uap->addr + uap->len) > VM_MAX_USER_ADDRESS) + if (tmpaddr < (vm_offset_t) uap->addr) return (EINVAL); - if (VM_MIN_USER_ADDRESS > 0 && uap->addr < VM_MIN_USER_ADDRESS) + if (VM_MAX_USER_ADDRESS > 0 && tmpaddr > VM_MAX_USER_ADDRESS) return (EINVAL); - if (((vm_offset_t) uap->addr + uap->len) < (vm_offset_t) uap->addr) + if (VM_MIN_USER_ADDRESS > 0 && uap->addr < VM_MIN_USER_ADDRESS) return (EINVAL); /* * Since this routine is only advisory, we default to conservative * behavior. */ - start = trunc_page((vm_offset_t) uap->addr); - end = round_page((vm_offset_t) uap->addr + uap->len); + start = trunc_page((vm_offset_t)uap->addr); + end = round_page(tmpaddr); return (vm_map_madvise(&p->p_vmspace->vm_map, start, end, - uap->behav, uap->value)); + uap->behav, uap->value)); } @@ -702,10 +729,10 @@ sys_mincore(struct mincore_args *uap) */ first_addr = addr = trunc_page((vm_offset_t) uap->addr); end = addr + (vm_size_t)round_page(uap->len); - if (VM_MAX_USER_ADDRESS > 0 && end > VM_MAX_USER_ADDRESS) - return (EINVAL); if (end < addr) return (EINVAL); + if (VM_MAX_USER_ADDRESS > 0 && end > VM_MAX_USER_ADDRESS) + return (EINVAL); /* * Address of byte vector @@ -883,6 +910,7 @@ int sys_mlock(struct mlock_args *uap) { vm_offset_t addr; + vm_offset_t tmpaddr; vm_size_t size, pageoff; int error; struct proc *p = curproc; @@ -894,9 +922,10 @@ sys_mlock(struct mlock_args *uap) addr -= pageoff; size += pageoff; size = (vm_size_t) round_page(size); - - /* disable wrap around */ - if (addr + size < addr) + if (size < uap->len) /* wrap */ + return(EINVAL); + tmpaddr = addr + size; /* workaround gcc4 opt */ + if (tmpaddr < addr) /* wrap */ return (EINVAL); if (atop(size) + vmstats.v_wire_count > vm_page_max_wired) 
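Review bot: sys_mincore still forms `end = addr + (vm_size_t)round_page(uap->len)` without checking whether the rounding itself wrapped, so a length within a page of the maximum rounds to 0 and passes the reordered `end < addr` test with an empty range. The other system calls in this file gained a `size < uap->len` test after round_page() for this case; here `if ((vm_size_t)round_page(uap->len) < uap->len) return (EINVAL);` before computing `end` would give the same protection. The second sys_munlock hunk further down likewise adds only the `tmpaddr < addr` test and omits the `if (size < uap->len) return(EINVAL);` that sys_mlock, sys_munmap, sys_mprotect and sys_minherit received. Both functions begin outside their hunks, so an earlier bound on the length cannot be ruled out from here.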
@@ -943,6 +972,7 @@ sys_munlock(struct munlock_args *uap) struct thread *td = curthread; struct proc *p = td->td_proc; vm_offset_t addr; + vm_offset_t tmpaddr; vm_size_t size, pageoff; int error; @@ -954,8 +984,8 @@ sys_munlock(struct munlock_args *uap) size += pageoff; size = (vm_size_t) round_page(size); - /* disable wrap around */ - if (addr + size < addr) + tmpaddr = addr + size; + if (tmpaddr < addr) /* wrap */ return (EINVAL); #ifndef pmap_wired_count @@ -992,7 +1022,10 @@ vm_mmap(vm_map_t map, vm_offset_t *addr, vm_size_t size, vm_prot_t prot, if (size == 0) return (0); - objsize = size = round_page(size); + objsize = round_page(size); + if (objsize < size) + return (EINVAL); + size = objsize; /* * XXX messy code, fixme @@ -1001,7 +1034,7 @@ vm_mmap(vm_map_t map, vm_offset_t *addr, vm_size_t size, vm_prot_t prot, * will optimize it out. */ if ((p = curproc) != NULL && map == &p->p_vmspace->vm_map) { - esize = map->size + size; + esize = map->size + size; /* workaround gcc4 opt */ if (esize < map->size || esize > p->p_rlimit[RLIMIT_VMEM].rlim_cur) { return(ENOMEM); diff --git a/sys/vm/vm_vmspace.c b/sys/vm/vm_vmspace.c index e4988dea20..397f2f36ab 100644 --- a/sys/vm/vm_vmspace.c +++ b/sys/vm/vm_vmspace.c @@ -244,6 +244,7 @@ sys_vmspace_munmap(struct vmspace_munmap_args *uap) struct vkernel_proc *vkp; struct vmspace_entry *ve; vm_offset_t addr; + vm_offset_t tmpaddr; vm_size_t size, pageoff; vm_map_t map; 
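Review bot: sys_munlock gets the `tmpaddr` wrap test but not the `if (size < uap->len)` test that the sys_mlock and sys_vmspace_munmap hunks add after the identical `size += pageoff; size = (vm_size_t) round_page(size);` sequence. Assuming `size` starts out as `uap->len` above the hunk, as it appears to in the sibling functions, a length near the type's maximum can round down to a small value. `tmpaddr < addr` would then not fire, and the call would act on a shorter range than the caller asked for instead of returning EINVAL. Adding `if (size < uap->len) /* wrap */ return (EINVAL);` before `tmpaddr = addr + size;` would make the three functions agree.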
@@ -262,17 +263,20 @@ sys_vmspace_munmap(struct vmspace_munmap_args *uap) addr -= pageoff; size += pageoff; size = (vm_size_t)round_page(size); - if (addr + size < addr) + if (size < uap->len) /* wrap */ + return (EINVAL); + tmpaddr = addr + size; /* workaround gcc4 opt */ + if (tmpaddr < addr) /* wrap */ return (EINVAL); if (size == 0) return (0); - if (VM_MAX_USER_ADDRESS > 0 && addr + size > VM_MAX_USER_ADDRESS) + if (VM_MAX_USER_ADDRESS > 0 && tmpaddr > VM_MAX_USER_ADDRESS) return (EINVAL); if (VM_MIN_USER_ADDRESS > 0 && addr < VM_MIN_USER_ADDRESS) return (EINVAL); map = &ve->vmspace->vm_map; - if (!vm_map_check_protection(map, addr, addr + size, VM_PROT_NONE)) + if (!vm_map_check_protection(map, addr, tmpaddr, VM_PROT_NONE)) return (EINVAL); vm_map_remove(map, addr, addr + size); return (0); @@ -331,6 +335,7 @@ sys_vmspace_mcontrol(struct vmspace_mcontrol_args *uap) struct vkernel_proc *vkp; struct vmspace_entry *ve; vm_offset_t start, end; + vm_offset_t tmpaddr = (vm_offset_t)uap->addr + uap->len; if ((vkp = curproc->p_vkernel) == NULL) return (EINVAL); @@ -343,16 +348,15 @@ sys_vmspace_mcontrol(struct vmspace_mcontrol_args *uap) if (uap->behav < 0 || uap->behav > MADV_CONTROL_END) return (EINVAL); - if (VM_MAX_USER_ADDRESS > 0 && - ((vm_offset_t) uap->addr + uap->len) > VM_MAX_USER_ADDRESS) + if (tmpaddr < (vm_offset_t)uap->addr) return (EINVAL); - if (VM_MIN_USER_ADDRESS > 0 && uap->addr < VM_MIN_USER_ADDRESS) + if (VM_MAX_USER_ADDRESS > 0 && tmpaddr > VM_MAX_USER_ADDRESS) return (EINVAL); - if (((vm_offset_t) uap->addr + uap->len) < (vm_offset_t) uap->addr) + if (VM_MIN_USER_ADDRESS > 0 && uap->addr < VM_MIN_USER_ADDRESS) return (EINVAL); start = trunc_page((vm_offset_t) uap->addr); - end = round_page((vm_offset_t) uap->addr + uap->len); + end = round_page(tmpaddr); return (vm_map_madvise(&ve->vmspace->vm_map, start, end, uap->behav, uap->value)); -- 2.41.0
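Review bot: The last context line of the sys_vmspace_munmap hunk, `vm_map_remove(map, addr, addr + size);`, still recomputes the end address, while the protection check one line above it was switched to `tmpaddr`. The two values are equal here, but validating one expression and then acting on another is the pattern that drifts apart when one of them is edited later. `vm_map_remove(map, addr, tmpaddr);` keeps the checked value as the one that is used. The function begins above the hunk.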