Date: Mon, 15 Feb 2021 09:47:44 +0000 From: bugzilla-noreply@freebsd.org To: fs@FreeBSD.org Subject: [Bug 253158] Panic: snapacct_ufs2: bad block - Non-suJ mksnap_ffs(8) crash Message-ID: <bug-253158-3630-n04EaeeBmY@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-253158-3630@https.bugs.freebsd.org/bugzilla/> References: <bug-253158-3630@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D253158 --- Comment #45 from Konstantin Belousov <kib@FreeBSD.org> --- (In reply to Cy Schubert from comment #44) Yes, the vfs_vnops.c patch might leave error uninitialized. Fixed commit below. commit 04822fadd7b1d7d20373cf3fa8e7fdd5a26e7da9 Author: Konstantin Belousov <kib@FreeBSD.org> Date: Mon Feb 15 05:34:06 2021 +0200 pgcache read: protect against reads past end of the vm object size If uio_offset is past end of the object size, calculated resid is negat= ive. Delegate handling this case to the locked read, as any other non-trivial situation. PR: 253158 diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c index 46b333b2261f..3e6abb01bfd7 100644 --- a/sys/kern/vfs_vnops.c +++ b/sys/kern/vfs_vnops.c @@ -967,6 +967,10 @@ vn_read_from_obj(struct vnode *vp, struct uio *uio) #else vsz =3D atomic_load_64(&obj->un_pager.vnp.vnp_size); #endif + if (uio->uio_offset >=3D vsz) { + error =3D EJUSTRETURN; + goto out; + } if (uio->uio_offset + resid > vsz) resid =3D vsz - uio->uio_offset; --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-253158-3630-n04EaeeBmY>