From: Warner Losh
Date: Sat, 27 Jan 2018 09:21:57 -0700
Subject: Re: svn commit: r328479 - in head/sys: fs/ext2fs ufs/ufs
To: Pedro Giffuni
Cc: src-committers, svn-src-all@freebsd.org, svn-src-head@freebsd.org

You aren't allowed to set resid like this. Changes in resid indicate amount of I/O done. If you think it's bogus, you need to either return EINVAL or use a smaller value to figure out your buffer sizes. This is bogus, please back it out.

Warner

On Jan 27, 2018 8:34 AM, "Pedro F. Giffuni" wrote:

> Author: pfg
> Date: Sat Jan 27 15:33:52 2018
> New Revision: 328479
> URL: https://svnweb.freebsd.org/changeset/base/328479
>
> Log:
>   {ext2|ufs}_readdir: Set limit on valid ncookies values.
>
>   Sanitize the values that will be assigned to ncookies so that we ensure
>   they are sane and we can handle them.
>
>   Let ncookies signed as it was before r328346. The valid range is such
>   that unsigned values are not required and we are not able to avoid at
>   least one cast anyways.
>
>   Hinted by: bde
>
> Modified:
>   head/sys/fs/ext2fs/ext2_lookup.c
>   head/sys/ufs/ufs/ufs_vnops.c
>
> Modified: head/sys/fs/ext2fs/ext2_lookup.c > ============================================================ > ================== > --- head/sys/fs/ext2fs/ext2_lookup.c Sat Jan 27 13:46:55 2018 > (r328478) > +++ head/sys/fs/ext2fs/ext2_lookup.c Sat Jan 27 15:33:52 2018 > (r328479) 
> @@ -145,14 +145,18 @@ ext2_readdir(struct vop_readdir_args *ap) > off_t offset, startoffset; > size_t readcnt, skipcnt; > ssize_t startresid; > - u_int ncookies; > + int ncookies; > int DIRBLKSIZ = VTOI(ap->a_vp)->i_e2fs->e2fs_bsize; > int error; > > if (uio->uio_offset < 0) > return (EINVAL); > ip = VTOI(vp); > + if (uio->uio_resid < 0) > + uio->uio_resid = 0; > if (ap->a_ncookies != NULL) { > + if (uio->uio_resid > MAXPHYS) > + uio->uio_resid = MAXPHYS; > ncookies = uio->uio_resid; > if (uio->uio_offset >= ip->i_size) > ncookies = 0; > > Modified: head/sys/ufs/ufs/ufs_vnops.c > ============================================================ > ================== > --- head/sys/ufs/ufs/ufs_vnops.c Sat Jan 27 13:46:55 2018 > (r328478) > +++ head/sys/ufs/ufs/ufs_vnops.c Sat Jan 27 15:33:52 2018 > (r328479) > @@ -2170,7 +2170,7 @@ ufs_readdir(ap) > off_t offset, startoffset; > size_t readcnt, skipcnt; > ssize_t startresid; > - u_int ncookies; > + int ncookies; > int error; > > if (uio->uio_offset < 0) > @@ -2178,7 +2178,11 @@ ufs_readdir(ap) > ip = VTOI(vp); > if (ip->i_effnlink == 0) > return (0); > + if (uio->uio_resid < 0) > + uio->uio_resid = 0; > if (ap->a_ncookies != NULL) { > + if (uio->uio_resid > MAXPHYS) > + uio->uio_resid = MAXPHYS; > ncookies = uio->uio_resid; > if (uio->uio_offset >= ip->i_size) > ncookies = 0; > >
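
Review bot: In the ext2_readdir hunk, the added `uio->uio_resid = 0` and `uio->uio_resid = MAXPHYS` assignments overwrite the caller's request size instead of validating it. A negative resid could be rejected the same way the neighbouring `uio->uio_offset < 0` check does, with `return (EINVAL);`, and the upper bound could be applied to the value stored in `ncookies` rather than to `uio->uio_resid` itself. As written, the MAXPHYS cap also takes effect only when `ap->a_ncookies != NULL`, so the same request is sized differently depending on whether the caller asked for cookies; a comment or a uniform bound would make that intentional.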
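
Review bot: In the second ufs_readdir hunk, the `uio->uio_resid < 0` check sits after the `ip->i_effnlink == 0` early `return (0)`, so a negative resid on an unlinked directory is never examined; moving the check up beside the `uio->uio_offset < 0` test would validate the arguments before any early return. With `ncookies` changed to `int` in the preceding hunk, `ncookies = uio->uio_resid;` stays in range only because of the MAXPHYS clamp two lines above it, which deserves a comment or an explicit bound on the assignment so the dependency is not lost in a later edit. Clamping a local copy instead of writing to `uio->uio_resid` would also leave the caller's request untouched.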