From owner-svn-src-head@FreeBSD.ORG Wed Apr 20 01:15:22 2011 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 72734106566B; Wed, 20 Apr 2011 01:15:22 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 478B58FC17; Wed, 20 Apr 2011 01:15:22 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id p3K1FM8m028104; Wed, 20 Apr 2011 01:15:22 GMT (envelope-from rmacklem@svn.freebsd.org) Received: (from rmacklem@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id p3K1FMkJ028102; Wed, 20 Apr 2011 01:15:22 GMT (envelope-from rmacklem@svn.freebsd.org) Message-Id: <201104200115.p3K1FMkJ028102@svn.freebsd.org> From: Rick Macklem Date: Wed, 20 Apr 2011 01:15:22 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r220877 - head/sys/fs/nfsclient X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Apr 2011 01:15:22 -0000 Author: rmacklem Date: Wed Apr 20 01:15:22 2011 New Revision: 220877 URL: http://svn.freebsd.org/changeset/base/220877 Log: Modify the offset + size checks for read and write in the experimental NFS client to take care of overflows for the calls above the buffer cache layer in a manner similar to r220876. Thanks go to dillon at apollo.backplane.com for providing the snippet of code that does this. MFC after: 2 weeks Modified: head/sys/fs/nfsclient/nfs_clbio.c Modified: head/sys/fs/nfsclient/nfs_clbio.c ============================================================================== --- head/sys/fs/nfsclient/nfs_clbio.c Wed Apr 20 00:21:51 2011 (r220876) +++ head/sys/fs/nfsclient/nfs_clbio.c Wed Apr 20 01:15:22 2011 (r220877) @@ -452,6 +452,7 @@ ncl_bioread(struct vnode *vp, struct uio int bcount; int seqcount; int nra, error = 0, n = 0, on = 0; + off_t tmp_off; KASSERT(uio->uio_rw == UIO_READ, ("ncl_read mode")); if (uio->uio_resid == 0) @@ -469,11 +470,14 @@ ncl_bioread(struct vnode *vp, struct uio } if (nmp->nm_rsize == 0 || nmp->nm_readdirsize == 0) (void) newnfs_iosize(nmp); - mtx_unlock(&nmp->nm_mtx); + tmp_off = uio->uio_offset + uio->uio_resid; if (vp->v_type != VDIR && - (uio->uio_offset + uio->uio_resid) > nmp->nm_maxfilesize) + (tmp_off > nmp->nm_maxfilesize || tmp_off < uio->uio_offset)) { + mtx_unlock(&nmp->nm_mtx); return (EFBIG); + } + mtx_unlock(&nmp->nm_mtx); if (newnfs_directio_enable && (ioflag & IO_DIRECT) && (vp->v_type == VREG)) /* No caching/ no readaheads. Just read data into the user buffer */ @@ -874,6 +878,7 @@ ncl_write(struct vop_write_args *ap) daddr_t lbn; int bcount; int n, on, error = 0; + off_t tmp_off; KASSERT(uio->uio_rw == UIO_WRITE, ("ncl_write mode")); KASSERT(uio->uio_segflg != UIO_USERSPACE || uio->uio_td == curthread, @@ -940,8 +945,13 @@ flush_and_restart: if (uio->uio_offset < 0) return (EINVAL); - if ((uio->uio_offset + uio->uio_resid) > nmp->nm_maxfilesize) + tmp_off = uio->uio_offset + uio->uio_resid; + mtx_lock(&nmp->nm_mtx); + if (tmp_off > nmp->nm_maxfilesize || tmp_off < uio->uio_offset) { + mtx_unlock(&nmp->nm_mtx); return (EFBIG); + } + mtx_unlock(&nmp->nm_mtx); if (uio->uio_resid == 0) return (0);