11928 Udiff usr/src/uts/common/rpc/clnt

Print this page

11928 rpcmod's clnt_cots can do zero-length kmem allocations

@@ -20,10 +20,11 @@
  */
 
 /*
  * Copyright 2016 Nexenta Systems, Inc.  All rights reserved.
  * Copyright (c) 2016 by Delphix. All rights reserved.
+ * Copyright 2019 Joyent, Inc.
  */
 
 /*
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.

@@ -1934,11 +1935,12 @@
                          */
                         if (srcaddr->len != lru_entry->x_src.len) {
                                 if (srcaddr->len > 0)
                                         kmem_free(srcaddr->buf,
                                             srcaddr->maxlen);
-                                srcaddr->buf = kmem_zalloc(
+                                ASSERT(lru_entry->x_src.len != 0);
+                                srcaddr->buf = kmem_alloc(
                                     lru_entry->x_src.len, KM_SLEEP);
                                 srcaddr->maxlen = srcaddr->len =
                                     lru_entry->x_src.len;
                         }
                         bcopy(lru_entry->x_src.buf, srcaddr->buf, srcaddr->len);

@@ -2089,11 +2091,11 @@
          * Set up a transport entry in the connection manager's list.
          */
         cm_entry = (struct cm_xprt *)
             kmem_zalloc(sizeof (struct cm_xprt), KM_SLEEP);
 
-        cm_entry->x_server.buf = kmem_zalloc(destaddr->len, KM_SLEEP);
+        cm_entry->x_server.buf = kmem_alloc(destaddr->len, KM_SLEEP);
         bcopy(destaddr->buf, cm_entry->x_server.buf, destaddr->len);
         cm_entry->x_server.len = cm_entry->x_server.maxlen = destaddr->len;
 
         cm_entry->x_state_flags = X_THREAD;
         cm_entry->x_ref = 1;

@@ -2254,13 +2256,15 @@
         mutex_enter(&connmgr_lock);
 
         /*
          * Set up a transport entry in the connection manager's list.
          */
-        cm_entry->x_src.buf = kmem_zalloc(srcaddr->len, KM_SLEEP);
+        if (srcaddr->len > 0) {
+                cm_entry->x_src.buf = kmem_alloc(srcaddr->len, KM_SLEEP);
         bcopy(srcaddr->buf, cm_entry->x_src.buf, srcaddr->len);
         cm_entry->x_src.len = cm_entry->x_src.maxlen = srcaddr->len;
+        } /* Else kmem_zalloc() of cm_entry already sets its x_src to NULL. */
 
         cm_entry->x_tiptr = tiptr;
         cm_entry->x_time = ddi_get_lbolt();
 
         if (tiptr->tp_info.servtype == T_COTS_ORD)

@@ -2438,14 +2442,14 @@
                  * in case of a later retry.
                  */
                 if (srcaddr->len != cm_entry->x_src.len) {
                         if (srcaddr->maxlen > 0)
                                 kmem_free(srcaddr->buf, srcaddr->maxlen);
-                        srcaddr->buf = kmem_zalloc(cm_entry->x_src.len,
+                        ASSERT(cm_entry->x_src.len != 0);
+                        srcaddr->buf = kmem_alloc(cm_entry->x_src.len,
                             KM_SLEEP);
-                        srcaddr->maxlen = srcaddr->len =
-                            cm_entry->x_src.len;
+                        srcaddr->maxlen = srcaddr->len = cm_entry->x_src.len;
                 }
                 bcopy(cm_entry->x_src.buf, srcaddr->buf, srcaddr->len);
         }
         cm_entry->x_time = ddi_get_lbolt();
         mutex_exit(&connmgr_lock);