Date: Tue, 16 Feb 2021 05:15:40 GMT
From: Konstantin Belousov <kib@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: c61fae1475f1 - main - pgcache read: protect against reads past end of the vm object size
Message-ID: <202102160515.11G5FeSN061427@gitrepo.freebsd.org>
The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=c61fae1475f1864dc4bba667b642f279afd44855 commit c61fae1475f1864dc4bba667b642f279afd44855 Author: Konstantin Belousov <kib@FreeBSD.org> AuthorDate: 2021-02-15 03:34:06 +0000 Commit: Konstantin Belousov <kib@FreeBSD.org> CommitDate: 2021-02-16 05:09:37 +0000 pgcache read: protect against reads past end of the vm object size If uio_offset is past end of the object size, calculated resid is negative. Delegate handling this case to the locked read, as any other non-trivial situation. PR: 253158 Reported by: Harald Schmalzbauer <bugzilla.freebsd@omnilan.de> Tested by: cy Sponsored by: The FreeBSD Foundation MFC after: 1 week --- sys/kern/vfs_vnops.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c index f8943b3c07e7..71dd379558cb 100644 --- a/sys/kern/vfs_vnops.c +++ b/sys/kern/vfs_vnops.c @@ -950,6 +950,10 @@ vn_read_from_obj(struct vnode *vp, struct uio *uio) #else vsz = atomic_load_64(&obj->un_pager.vnp.vnp_size); #endif + if (uio->uio_offset >= vsz) { + error = EJUSTRETURN; + goto out; + } if (uio->uio_offset + resid > vsz) resid = vsz - uio->uio_offset;
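Review bot: the added `if (uio->uio_offset >= vsz)` check in vn_read_from_obj() carries no comment, and its `>=` is wider than the case the commit message names. With an offset exactly equal to vsz, the clamp below it, `resid = vsz - uio->uio_offset`, would yield zero rather than a negative value, yet that case is also handed to the locked read through EJUSTRETURN. If that is intended, a one-line comment above the check would help: it should say that reads at or past the object size are delegated to the locked path, and that the subtraction below would otherwise go negative. That would keep a later reader from treating the `>=` as an off-by-one.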