Date: Wed, 4 May 2011 01:39:44 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r221417 - stable/8/sys/fs/nfsclient Message-ID: <201105040139.p441diji025338@svn.freebsd.org>
Author: rmacklem Date: Wed May 4 01:39:44 2011 New Revision: 221417 URL: http://svn.freebsd.org/changeset/base/221417 Log: MFC: r220877 Modify the offset + size checks for read and write in the experimental NFS client to take care of overflows for the calls above the buffer cache layer in a manner similar to r220876. Thanks go to dillon at apollo.backplane.com for providing the snippet of code that does this. Modified: stable/8/sys/fs/nfsclient/nfs_clbio.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/amd64/include/xen/ (props changed) stable/8/sys/cddl/contrib/opensolaris/ (props changed) stable/8/sys/contrib/dev/acpica/ (props changed) stable/8/sys/contrib/pf/ (props changed) Modified: stable/8/sys/fs/nfsclient/nfs_clbio.c ==============================================================================
--- stable/8/sys/fs/nfsclient/nfs_clbio.c Wed May 4 01:24:03 2011 (r221416)
+++ stable/8/sys/fs/nfsclient/nfs_clbio.c Wed May 4 01:39:44 2011 (r221417)
@@ -448,6 +448,7 @@ ncl_bioread(struct vnode *vp, struct uio
 int bcount;
 int seqcount;
 int nra, error = 0, n = 0, on = 0;
+ off_t tmp_off;
 KASSERT(uio->uio_rw == UIO_READ, ("ncl_read mode"));
 if (uio->uio_resid == 0)
@@ -465,11 +466,14 @@ ncl_bioread(struct vnode *vp, struct uio
 }
 if (nmp->nm_rsize == 0 || nmp->nm_readdirsize == 0)
 (void) newnfs_iosize(nmp);
- mtx_unlock(&nmp->nm_mtx);
+ tmp_off = uio->uio_offset + uio->uio_resid;
 if (vp->v_type != VDIR &&
- (uio->uio_offset + uio->uio_resid) > nmp->nm_maxfilesize)
+ (tmp_off > nmp->nm_maxfilesize || tmp_off < uio->uio_offset)) {
+ mtx_unlock(&nmp->nm_mtx);
 return (EFBIG);
+ }
+ mtx_unlock(&nmp->nm_mtx);
 if (newnfs_directio_enable && (ioflag & IO_DIRECT) && (vp->v_type == VREG))
 /* No caching/ no readaheads. Just read data into the user buffer */
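Review bot: The wrap test `tmp_off < uio->uio_offset` in the second ncl_bioread hunk runs only after `uio->uio_offset + uio->uio_resid` has been evaluated in the signed type off_t, so it relies on that addition wrapping rather than being treated as undefined by the compiler; the ncl_write hunk at -937 uses the same pattern. Unless the kernel build guarantees wrapping signed arithmetic (not visible here), comparing before adding is safer, for example `uio->uio_offset > nmp->nm_maxfilesize || uio->uio_resid > nmp->nm_maxfilesize - uio->uio_offset`, which never forms the out-of-range sum. That form assumes uio_offset and uio_resid are already known to be non-negative; the ncl_write hunk shows the offset check (`return (EINVAL)`), but this hunk does not. ncl_bioread starts and ends outside the hunk.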
@@ -871,6 +875,7 @@ ncl_write(struct vop_write_args *ap)
 int bcount;
 int n, on, error = 0;
 struct proc *p = td?td->td_proc:NULL;
+ off_t tmp_off;
 KASSERT(uio->uio_rw == UIO_WRITE, ("ncl_write mode"));
 KASSERT(uio->uio_segflg != UIO_USERSPACE || uio->uio_td == curthread,
@@ -937,8 +942,13 @@ flush_and_restart:
 if (uio->uio_offset < 0)
 return (EINVAL);
- if ((uio->uio_offset + uio->uio_resid) > nmp->nm_maxfilesize)
+ tmp_off = uio->uio_offset + uio->uio_resid;
+ mtx_lock(&nmp->nm_mtx);
+ if (tmp_off > nmp->nm_maxfilesize || tmp_off < uio->uio_offset) {
+ mtx_unlock(&nmp->nm_mtx);
 return (EFBIG);
+ }
+ mtx_unlock(&nmp->nm_mtx);
 if (uio->uio_resid == 0)
 return (0);
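Review bot: The new condition in the flush_and_restart hunk of ncl_write carries no comment, so a later reader could take `tmp_off < uio->uio_offset` for a redundant comparison and drop it, or miss why nm_mtx is now taken around a single read. A one-line comment above the `if` would record both reasons, e.g. `/* tmp_off < uio_offset: offset + resid wrapped; nm_maxfilesize is read under nm_mtx */`. The same comment fits the matching check in ncl_bioread. ncl_write begins and continues outside this hunk.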