> There is a value, MAXIOCBSZ, defined in sys/stream.h, which limits the 
 > maximum size that an ioctl block can be.  In particular, this *also* 
 > limits the maximum amount that can be copied in with M_COPYIN.
 > 
 > It appears that this value is not used anywhere else.
 > 
 > I'm pretty unhappy about this, because it will mean that I have to use 
 > partial copyins in a loop to copyin a ~3K data structure.  (The API is 
 > one defined by external sources, so I can't change the size of the 
 > structure I'm dealing with.)
 > 
 > What is the reason for this check?

That constant, value, and associated logic go all the way back to the
original SVR3 STREAMS implementation.  In the SVR3 implementation,
allocb() had less than a dozen "block classes" that it could allocate,
with a maximum of 4K (MAXBSIZE in the SVR3 <sys/stream.h>).  I'm not
sure why MAXIOCBSZ was set to 1K rather than 4K, but I don't see a
problem with removing it given that `strmsgsz' already protects the
system from DoS attempts.

 > I mean, the way the code looks to me, it appears that the kernel driver
 > issuing the M_COPYIN specifies the size, so it's not like this is coming
 > from some untrusted userland place.

Actually, it depends on whether you're using I_STR or not.

-- 
meem
_______________________________________________
opensolaris-code mailing list
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
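The two points the thread turns on, the MAXIOCBSZ bound on each M_COPYIN and the fact that under I_STR the length comes from userland, can be seen in a small user-space model. The following is an added example, not code from the thread or from the OpenSolaris tree: it does not use the kernel's real `struct copyreq`/`copyresp`, but a simplified stand-in (assumed field names `addr`, `size`, `offset` standing for cq_addr, cq_size and the driver's private state), and it takes the 1K value of MAXIOCBSZ from the reply above. It shows a driver copying in a ~3K structure in bounded chunks, with the stream head side rejecting any single request over the limit, and the separate validation an I_STR `ic_len` needs because that number is user-supplied.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Assumed from the thread: MAXIOCBSZ is 1K in <sys/stream.h>. */
#define MAXIOCBSZ 1024

/* Hypothetical user-space stand-in for the STREAMS copy request
 * (not the kernel's struct copyreq). */
struct copy_req {
    const unsigned char *addr;  /* user address to copy from (cq_addr) */
    size_t size;                /* bytes requested (cq_size) */
    size_t offset;              /* driver-private resume state (cq_private) */
};

/* Stream-head side of one M_COPYIN: enforce the MAXIOCBSZ bound before
 * touching the user buffer. Returns 0 on success, -1 if the request is
 * rejected (zero-length or larger than the limit). */
static int serve_copyin(const struct copy_req *req, unsigned char *kbuf)
{
    if (req->size == 0 || req->size > MAXIOCBSZ)
        return -1;
    memcpy(kbuf + req->offset, req->addr, req->size);
    return 0;
}

/* Driver side: bring `total` bytes from `uaddr` into `kbuf` using a loop
 * of M_COPYIN requests, each no larger than MAXIOCBSZ. Returns the number
 * of round trips used, or -1 if the stream head rejected a request. */
int chunked_copyin(const unsigned char *uaddr, size_t total, unsigned char *kbuf)
{
    int trips = 0;
    size_t done = 0;

    while (done < total) {
        struct copy_req req;
        req.addr   = uaddr + done;
        req.size   = total - done;
        if (req.size > MAXIOCBSZ)
            req.size = MAXIOCBSZ;   /* clamp to the per-request bound */
        req.offset = done;          /* where this piece lands in kbuf */
        if (serve_copyin(&req, kbuf) != 0)
            return -1;
        done += req.size;
        trips++;
    }
    return trips;
}

/* I_STR path: ic_len is supplied by the caller, so it must be validated
 * before it is used as a copy size. Returns 1 if acceptable, 0 otherwise. */
int istr_len_ok(int ic_len)
{
    return ic_len >= 0 && ic_len <= MAXIOCBSZ;
}

/* Constructed ~3K "structure" (3000 bytes of a known pattern) pushed
 * through the chunked path. Returns the trip count if the kernel copy
 * matches the source byte for byte, -1 otherwise. */
int demo_3k(void)
{
    static unsigned char src[3000], dst[3000];
    size_t i;
    int trips;

    for (i = 0; i < sizeof src; i++)
        src[i] = (unsigned char)(i * 7 + 3);
    memset(dst, 0, sizeof dst);

    trips = chunked_copyin(src, sizeof src, dst);
    if (trips < 0 || memcmp(src, dst, sizeof src) != 0)
        return -1;
    return trips;
}

int main(void)
{
    printf("3000-byte copyin took %d M_COPYIN round trips\n", demo_3k());
    printf("I_STR ic_len 1024 ok=%d, 1025 ok=%d, -1 ok=%d\n",
           istr_len_ok(1024), istr_len_ok(1025), istr_len_ok(-1));
    return 0;
}
```

A 3000-byte structure needs three round trips at a 1K bound (1024 + 1024 + 952); the `serve_copyin` check is the only thing stopping an oversized single request, which is why the I_STR length, being user-chosen, is checked independently of whatever the driver itself would ask for.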
