Bug 80775 - [kernel] [patch] sysctl_handle_string should have a timeout
Summary: [kernel] [patch] sysctl_handle_string should have a timeout
Status: Closed Overcome By Events
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 6.0-CURRENT
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-05-08 14:50 UTC by Hans Petter Selasky
Modified: 2019-01-23 03:10 UTC (History)
1 user (show)

See Also:

Attachments
kern_sysctl.diff (515 bytes, patch)
2008-03-12 03:10 UTC, Volker 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hans Petter Selasky 2005-05-08 14:50:02 UTC 
File: /sys/kern/kern_sysctl.c 

int
sysctl_handle_string(SYSCTL_HANDLER_ARGS)
{
        int error=0;
        char *tmparg;
        size_t outlen;

        /*
         * Attempt to get a coherent snapshot by copying to a
         * temporary kernel buffer.
         */
retry:
        outlen = strlen((char *)arg1)+1;
        tmparg = malloc(outlen, M_SYSCTLTMP, M_WAITOK);

        if (strlcpy(tmparg, (char *)arg1, outlen) >= outlen) {
                free(tmparg, M_SYSCTLTMP);
                goto retry;
        }

        error = SYSCTL_OUT(req, tmparg, outlen);
        free(tmparg, M_SYSCTLTMP);


When a device detaches strings can be left in freed memory, so 
"sysctl_handle_string" shouldn't try forever. Also the thread updating the 
string can sleep.

Fix: 

Should have a timeout count and something like:

u_int8_t to = 255;

if(to--)
goto retry;
else return EINVAL;
Comment 1 Volker 2008-03-12 03:10:43 UTC 
Sounds reasonable. Following is an exact patch (for the completeness of
this ticket).
Comment 2 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 07:59:24 UTC 
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Comment 3 Oleksandr Tymoshenko freebsd_committer freebsd_triage 2019-01-23 03:10:29 UTC 
sysctl_handle_string no longer has retry loop, closing as OBE