Date:      Wed, 4 May 2011 01:39:44 +0000 (UTC)
From:      Rick Macklem <rmacklem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r221417 - stable/8/sys/fs/nfsclient
Message-ID:  <201105040139.p441diji025338@svn.freebsd.org>

Author: rmacklem
Date: Wed May  4 01:39:44 2011
New Revision: 221417
URL: http://svn.freebsd.org/changeset/base/221417

Log:
  MFC: r220877
  Modify the offset + size checks for read and write in the
  experimental NFS client to take care of overflows for the calls
  above the buffer cache layer in a manner similar to r220876.
  Thanks go to dillon at apollo.backplane.com for providing the
  snippet of code that does this.

Modified:
  stable/8/sys/fs/nfsclient/nfs_clbio.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)

Modified: stable/8/sys/fs/nfsclient/nfs_clbio.c
==============================================================================
--- stable/8/sys/fs/nfsclient/nfs_clbio.c	Wed May  4 01:24:03 2011	(r221416)
+++ stable/8/sys/fs/nfsclient/nfs_clbio.c	Wed May  4 01:39:44 2011	(r221417)
@@ -448,6 +448,7 @@ ncl_bioread(struct vnode *vp, struct uio
 	int bcount;
 	int seqcount;
 	int nra, error = 0, n = 0, on = 0;
+	off_t tmp_off;
 
 	KASSERT(uio->uio_rw == UIO_READ, ("ncl_read mode"));
 	if (uio->uio_resid == 0)
@@ -465,11 +466,14 @@ ncl_bioread(struct vnode *vp, struct uio
 	}
 	if (nmp->nm_rsize == 0 || nmp->nm_readdirsize == 0)
 		(void) newnfs_iosize(nmp);
-	mtx_unlock(&nmp->nm_mtx);		
 
+	tmp_off = uio->uio_offset + uio->uio_resid;
 	if (vp->v_type != VDIR &&
-	    (uio->uio_offset + uio->uio_resid) > nmp->nm_maxfilesize)
+	    (tmp_off > nmp->nm_maxfilesize || tmp_off < uio->uio_offset)) {
+		mtx_unlock(&nmp->nm_mtx);		
 		return (EFBIG);
+	}
+	mtx_unlock(&nmp->nm_mtx);		
 
 	if (newnfs_directio_enable && (ioflag & IO_DIRECT) && (vp->v_type == VREG))
 		/* No caching/ no readaheads. Just read data into the user buffer */
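Review bot: The wrap test `tmp_off < uio->uio_offset` on the new condition line only fires after the signed addition on the `tmp_off = uio->uio_offset + uio->uio_resid;` line has already overflowed, and with off_t/ssize_t operands that overflow is undefined behaviour, so a compiler may fold the comparison to false unless the kernel is built with -fwrapv. Rejecting the overflow before the add avoids relying on wrap: `if (uio->uio_resid > OFF_MAX - uio->uio_offset) { mtx_unlock(&nmp->nm_mtx); return (EFBIG); }` ahead of the assignment (OFF_MAX from sys/limits.h), after which the wrap clause can be dropped. That form assumes uio_offset is already known to be non-negative at this point; ncl_bioread starts before this hunk, so I cannot see whether the earlier EINVAL check for negative offsets covers it, and it is worth confirming. The VDIR exemption also deserves a one-line comment, e.g. `/* directory offsets are cookies, not byte positions, so no size check */`, if that is indeed the reason. The two added `mtx_unlock` lines carry trailing tabs copied from the removed line.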
@@ -871,6 +875,7 @@ ncl_write(struct vop_write_args *ap)
 	int bcount;
 	int n, on, error = 0;
 	struct proc *p = td?td->td_proc:NULL;
+	off_t tmp_off;
 
 	KASSERT(uio->uio_rw == UIO_WRITE, ("ncl_write mode"));
 	KASSERT(uio->uio_segflg != UIO_USERSPACE || uio->uio_td == curthread,
@@ -937,8 +942,13 @@ flush_and_restart:
 
 	if (uio->uio_offset < 0)
 		return (EINVAL);
-	if ((uio->uio_offset + uio->uio_resid) > nmp->nm_maxfilesize)
+	tmp_off = uio->uio_offset + uio->uio_resid;
+	mtx_lock(&nmp->nm_mtx);
+	if (tmp_off > nmp->nm_maxfilesize || tmp_off < uio->uio_offset) {
+		mtx_unlock(&nmp->nm_mtx);
 		return (EFBIG);
+	}
+	mtx_unlock(&nmp->nm_mtx);
 	if (uio->uio_resid == 0)
 		return (0);
 
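Review bot: The `tmp_off < uio->uio_offset` clause on the new condition line has the same weakness as in the read path: it relies on the signed addition on the `tmp_off =` line having wrapped, which is undefined behaviour for off_t/ssize_t and may be optimised away unless the build uses -fwrapv. Here the `uio->uio_offset < 0` check immediately above guarantees a non-negative offset, so the test can be done safely before the add, `if (uio->uio_resid > OFF_MAX - uio->uio_offset) return (EFBIG);` placed before the assignment, and the wrap clause removed. The lock is taken purely to read nm_maxfilesize; a short comment such as `/* nm_maxfilesize is read under nm_mtx */` would save the next reader from wondering what else it protects. ncl_write's body continues outside the hunk.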


