From: Rick Macklem
Date: Wed, 4 May 2011 01:39:44 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject: svn commit: r221417 - stable/8/sys/fs/nfsclient
X-SVN-Group: stable-8

Author: rmacklem
Date: Wed May 4 01:39:44 2011
New Revision: 221417
URL: http://svn.freebsd.org/changeset/base/221417

Log:
  MFC: r220877
    Modify the offset + size checks for read and write
    in the experimental NFS client to take care of overflows for
    the calls above the buffer cache layer in a manner similar
    to r220876.
    Thanks go to dillon at apollo.backplane.com for providing the
    snippet of code that does this.

Modified:
  stable/8/sys/fs/nfsclient/nfs_clbio.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)

Modified: stable/8/sys/fs/nfsclient/nfs_clbio.c
==============================================================================
--- stable/8/sys/fs/nfsclient/nfs_clbio.c Wed May 4 01:24:03 2011 (r221416) +++ stable/8/sys/fs/nfsclient/nfs_clbio.c Wed May 4 01:39:44 2011 (r221417) @@ -448,6 +448,7 @@ ncl_bioread(struct vnode *vp, struct uio int bcount; int seqcount; int nra, error = 0, n = 0, on = 0; + off_t tmp_off; KASSERT(uio->uio_rw == UIO_READ, ("ncl_read mode")); if (uio->uio_resid == 0) 
@@ -465,11 +466,14 @@ ncl_bioread(struct vnode *vp, struct uio } if (nmp->nm_rsize == 0 || nmp->nm_readdirsize == 0) (void) newnfs_iosize(nmp); - mtx_unlock(&nmp->nm_mtx); + tmp_off = uio->uio_offset + uio->uio_resid; if (vp->v_type != VDIR && - (uio->uio_offset + uio->uio_resid) > nmp->nm_maxfilesize) + (tmp_off > nmp->nm_maxfilesize || tmp_off < uio->uio_offset)) { + mtx_unlock(&nmp->nm_mtx); return (EFBIG); + } + mtx_unlock(&nmp->nm_mtx); if (newnfs_directio_enable && (ioflag & IO_DIRECT) && (vp->v_type == VREG)) /* No caching/ no readaheads. Just read data into the user buffer */ @@ -871,6 +875,7 @@ ncl_write(struct vop_write_args *ap) int bcount; int n, on, error = 0; struct proc *p = td?td->td_proc:NULL; + off_t tmp_off; KASSERT(uio->uio_rw == UIO_WRITE, ("ncl_write mode")); KASSERT(uio->uio_segflg != UIO_USERSPACE || uio->uio_td == curthread, @@ -937,8 +942,13 @@ flush_and_restart: if (uio->uio_offset < 0) return (EINVAL); - if ((uio->uio_offset + uio->uio_resid) > nmp->nm_maxfilesize) + tmp_off = uio->uio_offset + uio->uio_resid; + mtx_lock(&nmp->nm_mtx); + if (tmp_off > nmp->nm_maxfilesize || tmp_off < uio->uio_offset) { + mtx_unlock(&nmp->nm_mtx); return (EFBIG); + } + mtx_unlock(&nmp->nm_mtx); if (uio->uio_resid == 0) return (0);
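
Review bot: In the ncl_bioread hunk (@@ -465,11 +466,14), the wrap test `tmp_off < uio->uio_offset` runs only after `tmp_off = uio->uio_offset + uio->uio_resid` has been evaluated, so it depends on the signed off_t addition wrapping. Signed overflow is undefined in C, and unless the kernel build guarantees wrapping arithmetic the compiler may drop that comparison. Consider testing before adding, for example `uio->uio_resid > nmp->nm_maxfilesize - uio->uio_offset`, which is safe once uio_offset is known to be non-negative and no larger than nm_maxfilesize. A short comment saying that the second comparison is the overflow check would also help the next reader, since the log message is the only place that says so.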
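
Review bot: In the ncl_write hunk (@@ -937,8 +942,13), the range test `tmp_off > nmp->nm_maxfilesize || tmp_off < uio->uio_offset` and its lock/unlock sequence are now an exact copy of the ones in ncl_bioread, so a later fix to one can miss the other. A small helper that takes nmp and uio and returns EFBIG or 0 would keep the read and write paths in step. Separately, the `if (uio->uio_resid == 0) return (0);` test still follows this check, so a zero-length write at an offset above nm_maxfilesize returns EFBIG rather than 0. If that is not intended, move the zero-length return ahead of the range test.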