Date: Tue, 23 Feb 2021 11:25:59 GMT From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 4b737a9c58ca - releng/13.0 - pgcache read: protect against reads past end of the vm object size Message-ID: <202102231125.11NBPxso020046@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch releng/13.0 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=4b737a9c58cac69008f189cc44e7d1a81a0b601c commit 4b737a9c58cac69008f189cc44e7d1a81a0b601c Author: Konstantin Belousov <kib@FreeBSD.org> AuthorDate: 2021-02-15 03:34:06 +0000 Commit: Konstantin Belousov <kib@FreeBSD.org> CommitDate: 2021-02-23 11:21:00 +0000 pgcache read: protect against reads past end of the vm object size PR: 253158 Approved by: re (gjb) (cherry picked from commit c61fae1475f1864dc4bba667b642f279afd44855) --- sys/kern/vfs_vnops.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c index 6c6727c7f372..1e52a797a1f7 100644 --- a/sys/kern/vfs_vnops.c +++ b/sys/kern/vfs_vnops.c @@ -951,6 +951,10 @@ vn_read_from_obj(struct vnode *vp, struct uio *uio) #else vsz = atomic_load_64(&obj->un_pager.vnp.vnp_size); #endif + if (uio->uio_offset >= vsz) { + error = EJUSTRETURN; + goto out; + } if (uio->uio_offset + resid > vsz) resid = vsz - uio->uio_offset;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202102231125.11NBPxso020046>