Don't attempt to copy the whole slices "struct" for DIOCGSLICEINFO.
The slices "struct" isn't really a struct; we allocate only part of it in the fully dangerously dedicated case. Since the "struct" is malloced, the page beyond it may not be mapped, so attempts to copy it would crash. This problem became larger when the full struct was bloated from < 1K to > 3K by the addition of (mostly unused) DEVFS tokens some time before 2.2.0 was released.
This commit is contained in:
Bruce Evans
parent
fbfd95bb1c
commit
e3a03f0cfb
@ -46,7 +46,7 @@
|
||||
* from: wd.c,v 1.55 1994/10/22 01:57:12 phk Exp $
|
||||
* from: @(#)ufs_disksubr.c 7.16 (Berkeley) 5/4/91
|
||||
* from: ufs_disksubr.c,v 1.8 1994/06/07 01:21:39 phk Exp $
|
||||
* $Id: subr_diskslice.c,v 1.44 1998/04/24 11:49:57 obrien Exp $
|
||||
* $Id: subr_diskslice.c,v 1.45 1998/04/24 11:50:30 obrien Exp $
|
||||
*/
|
||||
|
||||
#include "opt_devfs.h"
|
||||
@ -344,7 +344,8 @@ dsioctl(dname, dev, cmd, data, flags, sspp, strat, setgeom)
|
||||
return (0);
|
||||
|
||||
case DIOCGSLICEINFO:
|
||||
*(struct diskslices *)data = *ssp;
|
||||
bcopy(ssp, data, (char *)&ssp->dss_slices[ssp->dss_nslices] -
|
||||
(char *)ssp);
|
||||
return (0);
|
||||
|
||||
case DIOCSBAD:
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user