Rename min/max -> uimin/uimax for better honesty.
These functions are defined on unsigned int. The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.
HOWEVER! Some subsystems have
#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))
even though our standard name for that is MIN/MAX. Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.
To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.
I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:
cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))
It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.
Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate. But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all. (Who knows, maybe in some cases integer
truncation is actually intended!)
2018-09-03 19:29:22 +03:00
|
|
|
/* $NetBSD: criov.c,v 1.9 2018/09/03 16:29:37 riastradh Exp $ */
|
2003-07-26 01:12:39 +04:00
|
|
|
/* $OpenBSD: criov.c,v 1.11 2002/06/10 19:36:43 espie Exp $ */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Copyright (c) 1999 Theo de Raadt
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
*
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. The name of the author may not be used to endorse or promote products
|
|
|
|
* derived from this software without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <sys/cdefs.h>
|
Rename min/max -> uimin/uimax for better honesty.
These functions are defined on unsigned int. The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.
HOWEVER! Some subsystems have
#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))
even though our standard name for that is MIN/MAX. Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.
To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.
I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:
cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))
It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.
Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate. But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all. (Who knows, maybe in some cases integer
truncation is actually intended!)
2018-09-03 19:29:22 +03:00
|
|
|
__KERNEL_RCSID(0, "$NetBSD: criov.c,v 1.9 2018/09/03 16:29:37 riastradh Exp $");
|
2003-07-26 01:12:39 +04:00
|
|
|
|
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/systm.h>
|
|
|
|
#include <sys/proc.h>
|
|
|
|
#include <sys/errno.h>
|
|
|
|
#include <sys/malloc.h>
|
|
|
|
#include <sys/kernel.h>
|
|
|
|
#include <sys/mbuf.h>
|
|
|
|
|
|
|
|
#include <uvm/uvm_extern.h>
|
|
|
|
|
|
|
|
#include <opencrypto/cryptodev.h>
|
|
|
|
int cuio_getindx(struct uio *uio, int loc, int *off);
|
|
|
|
|
|
|
|
|
|
|
|
void
|
2009-03-15 00:04:01 +03:00
|
|
|
cuio_copydata(struct uio *uio, int off, int len, void *cp)
|
2003-07-26 01:12:39 +04:00
|
|
|
{
|
|
|
|
struct iovec *iov = uio->uio_iov;
|
|
|
|
int iol = uio->uio_iovcnt;
|
|
|
|
unsigned count;
|
|
|
|
|
|
|
|
if (off < 0)
|
|
|
|
panic("cuio_copydata: off %d < 0", off);
|
|
|
|
if (len < 0)
|
|
|
|
panic("cuio_copydata: len %d < 0", len);
|
|
|
|
while (off > 0) {
|
|
|
|
if (iol == 0)
|
|
|
|
panic("iov_copydata: empty in skip");
|
|
|
|
if (off < iov->iov_len)
|
|
|
|
break;
|
|
|
|
off -= iov->iov_len;
|
|
|
|
iol--;
|
|
|
|
iov++;
|
|
|
|
}
|
|
|
|
while (len > 0) {
|
|
|
|
if (iol == 0)
|
|
|
|
panic("cuio_copydata: empty");
|
Rename min/max -> uimin/uimax for better honesty.
These functions are defined on unsigned int. The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.
HOWEVER! Some subsystems have
#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))
even though our standard name for that is MIN/MAX. Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.
To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.
I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:
cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))
It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.
Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate. But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all. (Who knows, maybe in some cases integer
truncation is actually intended!)
2018-09-03 19:29:22 +03:00
|
|
|
count = uimin(iov->iov_len - off, len);
|
2007-03-04 08:59:00 +03:00
|
|
|
memcpy(cp, (char *)iov->iov_base + off, count);
|
2003-07-26 01:12:39 +04:00
|
|
|
len -= count;
|
2007-03-04 08:59:00 +03:00
|
|
|
cp = (char *)cp + count;
|
2003-07-26 01:12:39 +04:00
|
|
|
off = 0;
|
|
|
|
iol--;
|
|
|
|
iov++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
2009-03-15 00:04:01 +03:00
|
|
|
cuio_copyback(struct uio *uio, int off, int len, void *cp)
|
2003-07-26 01:12:39 +04:00
|
|
|
{
|
|
|
|
struct iovec *iov = uio->uio_iov;
|
|
|
|
int iol = uio->uio_iovcnt;
|
|
|
|
unsigned count;
|
|
|
|
|
|
|
|
if (off < 0)
|
|
|
|
panic("cuio_copyback: off %d < 0", off);
|
|
|
|
if (len < 0)
|
|
|
|
panic("cuio_copyback: len %d < 0", len);
|
|
|
|
while (off > 0) {
|
2011-02-24 22:28:03 +03:00
|
|
|
if (iol == 0) {
|
|
|
|
#ifdef DEBUG
|
|
|
|
printf("cuio_copyback: empty in skip\n");
|
|
|
|
#endif
|
|
|
|
return;
|
|
|
|
}
|
2003-07-26 01:12:39 +04:00
|
|
|
if (off < iov->iov_len)
|
|
|
|
break;
|
|
|
|
off -= iov->iov_len;
|
|
|
|
iol--;
|
|
|
|
iov++;
|
|
|
|
}
|
|
|
|
while (len > 0) {
|
2011-02-24 22:28:03 +03:00
|
|
|
if (iol == 0) {
|
|
|
|
#ifdef DEBUG
|
|
|
|
printf("uio_copyback: empty\n");
|
|
|
|
#endif
|
|
|
|
return;
|
|
|
|
}
|
Rename min/max -> uimin/uimax for better honesty.
These functions are defined on unsigned int. The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.
HOWEVER! Some subsystems have
#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))
even though our standard name for that is MIN/MAX. Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.
To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.
I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:
cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))
It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.
Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate. But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all. (Who knows, maybe in some cases integer
truncation is actually intended!)
2018-09-03 19:29:22 +03:00
|
|
|
count = uimin(iov->iov_len - off, len);
|
2007-03-04 08:59:00 +03:00
|
|
|
memcpy((char *)iov->iov_base + off, cp, count);
|
2003-07-26 01:12:39 +04:00
|
|
|
len -= count;
|
2007-03-04 08:59:00 +03:00
|
|
|
cp = (char *)cp + count;
|
2003-07-26 01:12:39 +04:00
|
|
|
off = 0;
|
|
|
|
iol--;
|
|
|
|
iov++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Return a pointer to iov/offset of location in iovec list.
|
|
|
|
*/
|
|
|
|
|
|
|
|
int
|
|
|
|
cuio_getptr(struct uio *uio, int loc, int *off)
|
|
|
|
{
|
|
|
|
int ind, len;
|
|
|
|
|
|
|
|
ind = 0;
|
|
|
|
while (loc >= 0 && ind < uio->uio_iovcnt) {
|
|
|
|
len = uio->uio_iov[ind].iov_len;
|
|
|
|
if (len > loc) {
|
|
|
|
*off = loc;
|
|
|
|
return (ind);
|
|
|
|
}
|
|
|
|
loc -= len;
|
|
|
|
ind++;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ind > 0 && loc == 0) {
|
|
|
|
ind--;
|
|
|
|
*off = uio->uio_iov[ind].iov_len;
|
|
|
|
return (ind);
|
|
|
|
}
|
|
|
|
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
cuio_apply(struct uio *uio, int off, int len,
|
2007-03-04 08:59:00 +03:00
|
|
|
int (*f)(void *, void *, unsigned int), void *fstate)
|
2003-07-26 01:12:39 +04:00
|
|
|
{
|
|
|
|
int rval, ind, uiolen;
|
|
|
|
unsigned int count;
|
|
|
|
|
|
|
|
if (len < 0)
|
|
|
|
panic("%s: len %d < 0", __func__, len);
|
|
|
|
if (off < 0)
|
|
|
|
panic("%s: off %d < 0", __func__, off);
|
2005-02-27 01:31:44 +03:00
|
|
|
|
2003-07-26 01:12:39 +04:00
|
|
|
ind = 0;
|
|
|
|
while (off > 0) {
|
|
|
|
if (ind >= uio->uio_iovcnt)
|
2003-07-30 21:27:23 +04:00
|
|
|
panic("cuio_apply: out of ivecs before data in uio");
|
2003-07-26 01:12:39 +04:00
|
|
|
uiolen = uio->uio_iov[ind].iov_len;
|
|
|
|
if (off < uiolen)
|
|
|
|
break;
|
|
|
|
off -= uiolen;
|
|
|
|
ind++;
|
|
|
|
}
|
|
|
|
while (len > 0) {
|
|
|
|
if (ind >= uio->uio_iovcnt)
|
2003-07-30 21:27:23 +04:00
|
|
|
panic("cuio_apply: out of ivecs when processing uio");
|
Rename min/max -> uimin/uimax for better honesty.
These functions are defined on unsigned int. The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.
HOWEVER! Some subsystems have
#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))
even though our standard name for that is MIN/MAX. Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.
To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.
I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:
cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))
It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.
Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate. But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all. (Who knows, maybe in some cases integer
truncation is actually intended!)
2018-09-03 19:29:22 +03:00
|
|
|
count = uimin(uio->uio_iov[ind].iov_len - off, len);
|
2003-07-26 01:12:39 +04:00
|
|
|
|
2005-02-27 01:31:44 +03:00
|
|
|
rval = f(fstate,
|
2007-03-04 08:59:00 +03:00
|
|
|
((char *)uio->uio_iov[ind].iov_base + off), count);
|
2003-07-26 01:12:39 +04:00
|
|
|
if (rval)
|
|
|
|
return (rval);
|
|
|
|
|
|
|
|
len -= count;
|
|
|
|
off = 0;
|
|
|
|
ind++;
|
|
|
|
}
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|