[CALL FOR TESTERS] New system call: abort2()

John Baldwin jhb at freebsd.org
Fri Dec 16 08:13:51 PST 2005 

On Friday 16 December 2005 04:10 am, Peter Jeremy wrote:
> On Thu, 2005-Dec-15 22:37:45 +0000, Wojciech A. Koszek wrote:
> >	abort2(const char *why, int nargs, void **args);
> >
> >"why" is reason of program abort, "nargs" is number of arguments
> >passed in "args". Both "why" and "args" (with "%p" format) will be
> >printed via log(9). Sample output:
> >[..]
> >pid <3004> <abort2> abort2: ABORT2 <arg0:0x62612f2e>
> >pid <3019> <abort2> abort2: invalid argument
> >[..]
>
> I don't believe the following code is correct.  uap->args is a
> userspace pointer so uap->args[i] is dereferencing a userspace
> argument in kernelspace.
> +                       arg = uargs[i] = (void *) fuword(uap->args[i]);
> I think it should be fuword(uap->args + i);
>
> I don't see the point of the following test.  "arg" is printed using
> %p and never de-referenced so there's no reason it can't be NULL.  I
> would see that a legitimate use of abort2() is when the application
> detects that a pointer is unexpectedly NULL.  Aborting on -1 is less
> clear - if fuword() fails, it will return -1 but, equally, a faulty
> user application may have left -1 in a pointer.  (Note that mmap(2)
> returns -1 on error so it's not inconceivable that a pointer could
> contain -1).
>
> +                       /* Prevent from faults in user-space */
> +                       if (arg == NULL || arg == (void *)-1) {
> +                               error = EINVAL;
> +                               break;
> +                       }
>
> Taking the above into account, I believe the code should be:
> +               if (uap->args == NULL)
> +                       break;
> +               error = copyin(uap->args, uargs, uap->nargs * sizeof (void
> *)); +               if (error != 0)
> +                       break;

Agreed.  Also, copyinstr() can provide a better interface for copying the why 
string in.  Also, the PROC LOCK isn't needed for reading the static p_pid and 
p_comm fields of struct proc.  Also, I second the other comments of do { } 
while(0) vs goto.  Many existing syscalls use 'goto out;' for error handling, 
and I think that is one of the very few cases when goto is useful and not 
harmful.

-- 
John Baldwin <jhb at FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve"  =  http://www.FreeBSD.org

More information about the freebsd-hackers mailing list