back out my last commit. art pointed out that sysctl cannot sleep when

copying out to userland, so my fix was useless bloat that didnt really do
anything. the problem instead appears to be a use after free in a driver
rather than bad interactions with sysctl.

1 files changed, 7 insertions, 10 deletions

diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index 0b153df579c..343fdf1c15f 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_sysctl.c,v 1.141 2006/05/20 22:55:46 dlg Exp $	*/
+/*	$OpenBSD: kern_sysctl.c,v 1.142 2006/05/28 19:41:42 dlg Exp $	*/
 /*	$NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $	*/
 
 /*-
@@ -1796,22 +1796,19 @@ int
 sysctl_sensors(int *name, u_int namelen, void *oldp, size_t *oldlenp,
     void *newp, size_t newlen)
 {
-	struct sensor ls, *s;
+	struct sensor *s;
+	int num;
 
 	if (namelen != 1)
 		return (ENOTDIR);
 
-	s = sensor_get(name[0]);
+	num = name[0];
+
+	s = sensor_get(num);
 	if (s == NULL)
 		return (ENOENT);
 
-	/*
-	 * Make a local copy of the sensor which cannot be freed by a driver
-	 * while it's being copied to userland.
-	 */
-	bcopy(s, &ls, sizeof(ls));
-
-	return (sysctl_rdstruct(oldp, oldlenp, newp, &ls, sizeof(ls)));
+	return (sysctl_rdstruct(oldp, oldlenp, newp, s, sizeof(struct sensor)));
 }
 
 int