From e3a03f0cfb9cf730de9d5ab08b2182baac4f2f77 Mon Sep 17 00:00:00 2001 From: Bruce Evans Date: Sat, 6 Jun 1998 03:06:55 +0000 Subject: [PATCH] Don't attempt to copy the whole slices "struct" for DIOCGSLICEINFO. The slices "struct" isn't really a struct; we allocate only part of it in the fully dangerously dedicated case. Since the "struct" is malloced, the page beyond it may not be mapped, so attempts to copy it would crash. This problem became larger when the full struct was bloated from < 1K to > 3K by the addition of (mostly unused) DEVFS tokens some time before 2.2.0 was released. --- sys/kern/subr_diskslice.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sys/kern/subr_diskslice.c b/sys/kern/subr_diskslice.c index 76b7d9a1094..c8bca744b4c 100644 --- a/sys/kern/subr_diskslice.c +++ b/sys/kern/subr_diskslice.c @@ -46,7 +46,7 @@ * from: wd.c,v 1.55 1994/10/22 01:57:12 phk Exp $ * from: @(#)ufs_disksubr.c 7.16 (Berkeley) 5/4/91 * from: ufs_disksubr.c,v 1.8 1994/06/07 01:21:39 phk Exp $ - * $Id: subr_diskslice.c,v 1.44 1998/04/24 11:49:57 obrien Exp $ + * $Id: subr_diskslice.c,v 1.45 1998/04/24 11:50:30 obrien Exp $ */ #include "opt_devfs.h" @@ -344,7 +344,8 @@ dsioctl(dname, dev, cmd, data, flags, sspp, strat, setgeom) return (0); case DIOCGSLICEINFO: - *(struct diskslices *)data = *ssp; + bcopy(ssp, data, (char *)&ssp->dss_slices[ssp->dss_nslices] - + (char *)ssp); return (0); case DIOCSBAD:
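Review bot: In the DIOCGSLICEINFO case of dsioctl(), the bcopy() length is computed from ssp->dss_nslices, and nothing in the hunk bounds it against the buffer behind `data`, which the removed line treated as one full struct diskslices. If the count is validated where the slices are allocated, say so here; otherwise add a check before the copy that dss_nslices does not exceed the number of elements in dss_slices. The reason for the partial copy (the "struct" is only partly allocated, so the page past it may be unmapped) appears only in the commit message, so a short comment above the bcopy() would stop a later cleanup from restoring the struct assignment. The copy also leaves the bytes of `data` past `&ssp->dss_slices[ssp->dss_nslices]` unwritten, so either zero that tail or document that consumers must not read entries beyond dss_nslices.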