[src/netbsd-1-4]: src/sys/kern Pull up revision 1.62 (via patch, requested by...

[he <he%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/12ce8f12b5de
branches:  netbsd-1-4
changeset: 470527:12ce8f12b5de
user:      he <he%NetBSD.org@localhost>
date:      Sun Apr 30 12:07:35 2000 +0000

description:
Pull up revision 1.62 (via patch, requested by sommerfeld):
  Fix two bugs:
   o A malicious or erroneous program can hog the CPU in uiomove()
   o A ktrace of such a program can hog large amounts of kernel memory
  This increses the size of struct proc, so kernel-grovellers need
  rebuild after this.

diffstat:

 sys/kern/kern_subr.c |  7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diffs (32 lines):

diff -r 7bcb39e62a79 -r 12ce8f12b5de sys/kern/kern_subr.c
--- a/sys/kern/kern_subr.c      Sun Apr 30 12:07:06 2000 +0000
+++ b/sys/kern/kern_subr.c      Sun Apr 30 12:07:35 2000 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_subr.c,v 1.45.2.1 2000/02/01 22:54:45 he Exp $    */
+/*     $NetBSD: kern_subr.c,v 1.45.2.2 2000/04/30 12:07:35 he Exp $    */
 
 /*-
  * Copyright (c) 1997, 1998 The NetBSD Foundation, Inc.
@@ -125,11 +125,12 @@
        u_int cnt;
        int error = 0;
        char *cp = buf;
+       struct proc *p = uio->uio_procp;
 
 #ifdef DIAGNOSTIC
        if (uio->uio_rw != UIO_READ && uio->uio_rw != UIO_WRITE)
                panic("uiomove: mode");
-       if (uio->uio_segflg == UIO_USERSPACE && uio->uio_procp != curproc)
+       if (uio->uio_segflg == UIO_USERSPACE && p != curproc)
                panic("uiomove proc");
 #endif
        while (n > 0 && uio->uio_resid) {
@@ -145,6 +146,8 @@
                switch (uio->uio_segflg) {
 
                case UIO_USERSPACE:
+                       if (p->p_schedflags & PSCHED_SHOULDYIELD)
+                               preempt(NULL);
                        if (uio->uio_rw == UIO_READ)
                                error = copyout(cp, iov->iov_base, cnt);
                        else