git: c61fae1475f1 - main - pgcache read: protect against reads past end of the vm object size

Konstantin Belousov kib at FreeBSD.org
Tue Feb 16 05:15:40 UTC 2021


The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=c61fae1475f1864dc4bba667b642f279afd44855

commit c61fae1475f1864dc4bba667b642f279afd44855
Author:     Konstantin Belousov <kib at FreeBSD.org>
AuthorDate: 2021-02-15 03:34:06 +0000
Commit:     Konstantin Belousov <kib at FreeBSD.org>
CommitDate: 2021-02-16 05:09:37 +0000

    pgcache read: protect against reads past end of the vm object size
    
    If uio_offset is past end of the object size, calculated resid is negative.
    Delegate handling this case to the locked read, as any other non-trivial
    situation.
    
    PR:     253158
    Reported by:    Harald Schmalzbauer <bugzilla.freebsd at omnilan.de>
    Tested by:      cy
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
---
 sys/kern/vfs_vnops.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index f8943b3c07e7..71dd379558cb 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -950,6 +950,10 @@ vn_read_from_obj(struct vnode *vp, struct uio *uio)
 #else
 	vsz = atomic_load_64(&obj->un_pager.vnp.vnp_size);
 #endif
+	if (uio->uio_offset >= vsz) {
+		error = EJUSTRETURN;
+		goto out;
+	}
 	if (uio->uio_offset + resid > vsz)
 		resid = vsz - uio->uio_offset;
 
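Review bot: The new `uio->uio_offset >= vsz` check has no comment, and its `>=` is wider than the "past end" case the commit message describes: a read that starts exactly at vsz, where the clamp below would give a resid of zero rather than a negative one, is also sent to `out` with EJUSTRETURN. If that is intended, a one-line comment above the check would make it explicit, saying that reads starting at or beyond the object size are delegated to the locked read. The declarations of vsz and resid are outside this hunk, so it is also worth confirming that the comparison and the `resid = vsz - uio->uio_offset` subtraction below are evaluated with the same signedness.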

