2007-02-06 Josh Stone <joshua.i.stone@intel.com>

	* aux_syscalls.stp, inet_sock.stp, ioblock.stp, ioscheduler.stp,
	nfs.stp, nfs_proc.stp, nfsd.stp, rpc.stp, scsi.stp, signal.stp,
	socket.stp, task.stp, tcp.stp, vfs.stp: Protect pointer dereferences
	with kread wherever possible.  Some places still have hazards, as
	marked with FIXMEs.

	* errno.stp (returnstr): Don't use return in tapset C functions.
	* aux_syscalls.stp (__uget_timex_m): Ditto.
	* nfsd.stp (__get_fh): Ditto.
	* nfs.stp, vfs.stp (<many functions>): Ditto.
	* string.stp (substr): Ditto. Also make sure start index is valid.

	* syscalls.stp (syscall.execve): Change __string to kernel_string.

LKET/
	* nfs.stp, nfs_proc.stp, nfsd.stp, process.stp, tskdispatch.stp:
	Protect pointer dereferences with kread wherever possible.  Some
	places still have hazards, as marked with FIXMEs.

	* aio.stp (log_io_getevents): Don't use return in tapset C functions.
	* timestamp.stp (set_timing_method): Ditto.
	* utils.stp (filter_by_pid): Ditto.

1 files changed, 4 insertions, 3 deletions

diff --git a/tapset/scsi.stp b/tapset/scsi.stp
index 23256893..5e467686 100644
--- a/tapset/scsi.stp
+++ b/tapset/scsi.stp
@@ -77,12 +77,13 @@ probe scsi.iocompleted
 function scsi_timer_pending:long(var:long)
 %{
         struct scsi_cmnd *cmd = (struct scsi_cmnd *)((long)THIS->var);
-        THIS->__retvalue = timer_pending(&cmd->eh_timeout);
+        THIS->__retvalue = timer_pending(&cmd->eh_timeout); /* FIXME: deref hazard! */
 %}
 
 function get_devstate_from_req:long(var:long)
 %{
 	struct request_queue *q = (struct request_queue *)((long)THIS->var);
-        struct scsi_device *sdev = (struct scsi_device *)(q->queuedata);
-	THIS->__retvalue = sdev->sdev_state;
+	struct scsi_device *sdev = (struct scsi_device *)kread(&(q->queuedata));
+	THIS->__retvalue = kread(&(sdev->sdev_state));
+	CATCH_DEREF_FAULT();
 %}