From edfe05a75fa26022f2a63a10e8ecf6e0c86240ea Mon Sep 17 00:00:00 2001 From: Ted Unangst Date: Tue, 18 Nov 2014 02:22:34 +0000 Subject: Reduce scope of iovec variables, use mallocarray, and record size for free. Change rbuf malloc argument to fullsiz, which then makes clear it's the correct size to pass to free. ok millert --- sys/nfs/nfs_serv.c | 37 ++++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/sys/nfs/nfs_serv.c b/sys/nfs/nfs_serv.c index e33f5749622..5b48ba14829 100644 --- a/sys/nfs/nfs_serv.c +++ b/sys/nfs/nfs_serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nfs_serv.c,v 1.99 2014/11/14 23:01:44 tedu Exp $ */ +/* $OpenBSD: nfs_serv.c,v 1.100 2014/11/18 02:22:33 tedu Exp $ */ /* $NetBSD: nfs_serv.c,v 1.34 1997/05/12 23:37:12 fvdl Exp $ */ /* @@ -509,8 +509,6 @@ nfsrv_read(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, { struct mbuf *nam = nfsd->nd_nam; struct ucred *cred = &nfsd->nd_cr; - struct iovec *iv; - struct iovec *iv2; struct mbuf *m; struct nfs_fattr *fp; struct nfsm_info info; @@ -589,6 +587,8 @@ nfsrv_read(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, } len = left = nfsm_rndup (cnt); if (cnt > 0) { + struct iovec *iv, *iv2; + size_t ivlen; /* * Generate the mbuf list with the uio_iov ref. to it. */ @@ -609,7 +609,8 @@ nfsrv_read(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, m2 = m; } } - iv = malloc(i * sizeof(struct iovec), M_TEMP, M_WAITOK); + iv = mallocarray(i, sizeof(*iv), M_TEMP, M_WAITOK); + ivlen = i * sizeof(*iv); uiop->uio_iov = iv2 = iv; m = info.nmi_mb; left = len; @@ -635,7 +636,7 @@ nfsrv_read(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, uiop->uio_segflg = UIO_SYSSPACE; error = VOP_READ(vp, uiop, IO_NODELOCKED, cred); off = uiop->uio_offset; - free(iv2, M_TEMP, 0); + free(iv2, M_TEMP, ivlen); if (error || (getret = VOP_GETATTR(vp, &va, cred, procp)) != 0){ if (!error) error = getret; @@ -679,12 +680,10 @@ nfsrv_write(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, { struct mbuf *nam = nfsd->nd_nam; struct ucred *cred = &nfsd->nd_cr; - struct iovec *ivp; struct nfsm_info info; int i, cnt; struct mbuf *mp; struct nfs_fattr *fp; - struct iovec *iv; struct vattr va, forat; u_int32_t *tl; int32_t t1; @@ -774,7 +773,11 @@ nfsrv_write(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, goto vbad; if (len > 0) { - ivp = malloc(cnt * sizeof(struct iovec), M_TEMP, M_WAITOK); + struct iovec *iv, *ivp; + size_t ivlen; + + ivp = mallocarray(cnt, sizeof(*ivp), M_TEMP, M_WAITOK); + ivlen = cnt * sizeof(*ivp); uiop->uio_iov = iv = ivp; uiop->uio_iovcnt = cnt; mp = info.nmi_mrep; @@ -800,7 +803,7 @@ nfsrv_write(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, uiop->uio_offset = off; error = VOP_WRITE(vp, uiop, ioflags, cred); nfsstats.srvvop_writes++; - free(iv, M_TEMP, 0); + free(iv, M_TEMP, ivlen); } aftat_ret = VOP_GETATTR(vp, &va, cred, procp); vput(vp); @@ -2078,7 +2081,7 @@ nfsrv_readdir(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, goto nfsmout; } VOP_UNLOCK(vp, 0, procp); - rbuf = malloc(siz, M_TEMP, M_WAITOK); + rbuf = malloc(fullsiz, M_TEMP, M_WAITOK); again: iv.iov_base = rbuf; iv.iov_len = fullsiz; @@ -2104,7 +2107,7 @@ again: VOP_UNLOCK(vp, 0, procp); if (error) { vrele(vp); - free((caddr_t)rbuf, M_TEMP, 0); + free(rbuf, M_TEMP, fullsiz); nfsm_reply(NFSX_POSTOPATTR(info.nmi_v3)); nfsm_srvpostop_attr(nfsd, getret, &at, &info); error = 0; @@ -2130,7 +2133,7 @@ again: tl = nfsm_build(&info.nmi_mb, 2 * NFSX_UNSIGNED); *tl++ = nfs_false; *tl = nfs_true; - free(rbuf, M_TEMP, 0); + free(rbuf, M_TEMP, fullsiz); error = 0; goto nfsmout; } @@ -2208,7 +2211,7 @@ again: *tl = nfs_true; else *tl = nfs_false; - free(rbuf, M_TEMP, 0); + free(rbuf, M_TEMP, fullsiz); nfsmout: return(error); } @@ -2278,7 +2281,7 @@ nfsrv_readdirplus(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, } VOP_UNLOCK(vp, 0, procp); - rbuf = malloc(siz, M_TEMP, M_WAITOK); + rbuf = malloc(fullsiz, M_TEMP, M_WAITOK); again: iv.iov_base = rbuf; iv.iov_len = fullsiz; @@ -2303,7 +2306,7 @@ again: error = getret; if (error) { vrele(vp); - free((caddr_t)rbuf, M_TEMP, 0); + free(rbuf, M_TEMP, fullsiz); nfsm_reply(NFSX_V3POSTOPATTR); nfsm_srvpostop_attr(nfsd, getret, &at, &info); error = 0; @@ -2326,7 +2329,7 @@ again: tl += 2; *tl++ = nfs_false; *tl = nfs_true; - free(rbuf, M_TEMP, 0); + free(rbuf, M_TEMP, fullsiz); error = 0; goto nfsmout; } @@ -2450,7 +2453,7 @@ invalid: *tl = nfs_true; else *tl = nfs_false; - free(rbuf, M_TEMP, 0); + free(rbuf, M_TEMP, fullsiz); nfsmout: return(error); } -- cgit v1.2.3