The previous code was obviously wrong, the new code makes the same
accesses to userspace via the correct mechanism. xge_ioctl_registers()
has further obvious issues, but there seems to be little point in fixing
them.
Details
it compiles...
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
sys/dev/nxge/if_nxge.c | ||
---|---|---|
1377 ↗ | (On Diff #40733) | If this is the only use, I would actually prefer to kill 'data' entirely to avoid someone trying to use additional bytes and instead do something like: char query; ... query = fubyte(ifreqp->ifr_data); if (query == -1) return (EFAULT); switch (query) { Also, I wonder if we should prefer fuebyte() in new code instead? (Maybe kib@ has an opinion on that) |
1547 ↗ | (On Diff #40733) | The fact that it does copyout() already makes this function even more amusing. |
sys/dev/nxge/if_nxge.c | ||
---|---|---|
1377 ↗ | (On Diff #40733) | data is used later or I would have done that. We don't currently have fuebyte() |
1547 ↗ | (On Diff #40733) | The strcmp() cases will certainly not trigger in most cases because option is a char[2] followed by an int64_t so there's garbage in the pad unless the did a bzero first. This driver is best fixed with svn rm, but I'm changing ifr_data use so needed to do a little fixing. |
Agreed that the driver is dubious at best. I'm not sure if it's even really used. I don't think it was a commodity part.
sys/dev/nxge/if_nxge.c | ||
---|---|---|
1506 ↗ | (On Diff #40733) | So this is the only place that uses 'data' and it is wrong (sizeof is wrong). I would probably fix this by not abusing data but just using a local 'char mode' and passing '&mode' to copyout(). |