Index: sys/dev/bnxt/if_bnxt.c =================================================================== --- sys/dev/bnxt/if_bnxt.c +++ sys/dev/bnxt/if_bnxt.c @@ -1650,25 +1650,22 @@ { struct bnxt_softc *softc = iflib_get_softc(ctx); struct ifreq *ifr = (struct ifreq *)data; - struct ifreq_buffer *ifbuf = &ifr->ifr_ifru.ifru_buffer; - struct bnxt_ioctl_header *ioh = - (struct bnxt_ioctl_header *)(ifbuf->buffer); + struct bnxt_ioctl_header *ioh; + size_t iol; int rc = ENOTSUP; - struct bnxt_ioctl_data *iod = NULL; + struct bnxt_ioctl_data iod_storage, *iod = &iod_storage; + + ioh = ifr_buffer_get_buffer(ifr); + iol = ifr_buffer_get_length(ifr); switch (command) { case SIOCGPRIVATE_0: if ((rc = priv_check(curthread, PRIV_DRIVER)) != 0) goto exit; - iod = malloc(ifbuf->length, M_DEVBUF, M_NOWAIT | M_ZERO); - if (!iod) { - rc = ENOMEM; - goto exit; - } - copyin(ioh, iod, ifbuf->length); + copyin(ioh, iod, iol); - switch (ioh->type) { + switch (iod->hdr.type) { case BNXT_HWRM_NVM_FIND_DIR_ENTRY: { struct bnxt_ioctl_hwrm_nvm_find_dir_entry *find = @@ -1686,7 +1683,7 @@ } else { iod->hdr.rc = 0; - copyout(iod, ioh, ifbuf->length); + copyout(iod, ioh, iol); } rc = 0; @@ -1726,7 +1723,7 @@ remain -= csize; } if (iod->hdr.rc == 0) - copyout(iod, ioh, ifbuf->length); + copyout(iod, ioh, iol); iflib_dma_free(&dma_data); rc = 0; @@ -1746,7 +1743,7 @@ } else { iod->hdr.rc = 0; - copyout(iod, ioh, ifbuf->length); + copyout(iod, ioh, iol); } rc = 0; @@ -1766,7 +1763,7 @@ } else { iod->hdr.rc = 0; - copyout(iod, ioh, ifbuf->length); + copyout(iod, ioh, iol); } rc = 0; @@ -1788,7 +1785,7 @@ } else { iod->hdr.rc = 0; - copyout(iod, ioh, ifbuf->length); + copyout(iod, ioh, iol); } rc = 0; @@ -1807,7 +1804,7 @@ } else { iod->hdr.rc = 0; - copyout(iod, ioh, ifbuf->length); + copyout(iod, ioh, iol); } rc = 0; @@ -1827,7 +1824,7 @@ } else { iod->hdr.rc = 0; - copyout(iod, ioh, ifbuf->length); + copyout(iod, ioh, iol); } rc = 0; @@ -1854,7 +1851,7 @@ copyout(dma_data.idi_vaddr, get->data, get->entry_length * get->entries); iod->hdr.rc = 0; - copyout(iod, ioh, ifbuf->length); + copyout(iod, ioh, iol); } iflib_dma_free(&dma_data); @@ -1875,7 +1872,7 @@ } else { iod->hdr.rc = 0; - copyout(iod, ioh, ifbuf->length); + copyout(iod, ioh, iol); } rc = 0; @@ -1897,7 +1894,7 @@ } else { iod->hdr.rc = 0; - copyout(iod, ioh, ifbuf->length); + copyout(iod, ioh, iol); } rc = 0; @@ -1916,7 +1913,7 @@ } else { iod->hdr.rc = 0; - copyout(iod, ioh, ifbuf->length); + copyout(iod, ioh, iol); } rc = 0; @@ -1937,7 +1934,7 @@ } else { iod->hdr.rc = 0; - copyout(iod, ioh, ifbuf->length); + copyout(iod, ioh, iol); } rc = 0; @@ -1958,7 +1955,7 @@ } else { iod->hdr.rc = 0; - copyout(iod, ioh, ifbuf->length); + copyout(iod, ioh, iol); } rc = 0; Index: sys/net/if.c =================================================================== --- sys/net/if.c +++ sys/net/if.c @@ -2414,7 +2414,7 @@ return (ifp); } -static void * +void * ifr_buffer_get_buffer(void *data) { union ifreq_union *ifrup; @@ -2442,7 +2442,7 @@ ifrup->ifr.ifr_ifru.ifru_buffer.buffer = NULL; } -static size_t +size_t ifr_buffer_get_length(void *data) { union ifreq_union *ifrup; Index: sys/net/if_var.h =================================================================== --- sys/net/if_var.h +++ sys/net/if_var.h @@ -782,6 +782,8 @@ /* accessors for struct ifreq */ void *ifr_data_get_ptr(void *ifrp); +void *ifr_buffer_get_buffer(void *data); +size_t ifr_buffer_get_length(void *data); int ifhwioctl(u_long, struct ifnet *, caddr_t, struct thread *);