Date:      Tue, 6 Feb 2024 18:11:01 GMT
From:      Kyle Evans <kevans@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: a8aa5ba3db69 - stable/14 - kern: tty: fix ttyinq_read_uio assertion
Message-ID:  <202402061811.416IB1jB044439@gitrepo.freebsd.org>

The branch stable/14 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=a8aa5ba3db694f97d21e946d6392c527af31f05b

commit a8aa5ba3db694f97d21e946d6392c527af31f05b
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2024-01-16 02:55:58 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2024-02-06 15:31:17 +0000

    kern: tty: fix ttyinq_read_uio assertion
    
    It's clear from later context that `rlen` was always expected to include
    `flen`, as we'll trim `flen` bytes from the end of the read.  Relax our
    initial assertion to only require the total size less trimmed bytes to
    lie within the out buffer size.
    
    While we're here, I note that if we have to read more than one block and
    we're trimming from the end then we'll do the wrong thing and omit
    `flen` bytes from every block, rather than just the end.  Add an
    assertion to make sure we're not doing that, but the only caller that
    specifies a non-zero `flen` today will only really be doing so if rlen
    is entirely within a single buffer.
    
    Reviewed by:    cy, imp
    
    (cherry picked from commit 09a43b8790bdeb97fbecd3ea767c2f599eb4a4d3)
---
 sys/kern/tty_inq.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/sys/kern/tty_inq.c b/sys/kern/tty_inq.c
index daf3bde77712..0bf7c2fa5b5e 100644
--- a/sys/kern/tty_inq.c
+++ b/sys/kern/tty_inq.c
@@ -165,7 +165,8 @@ ttyinq_read_uio(struct ttyinq *ti, struct tty *tp, struct uio *uio,
     size_t rlen, size_t flen)
 {
 
-	MPASS(rlen <= uio->uio_resid);
+	/* rlen includes flen, flen bytes will be trimmed from the end. */
+	MPASS(rlen - flen <= uio->uio_resid);
 
 	while (rlen > 0) {
 		int error;
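Review bot: In the relaxed check `MPASS(rlen - flen <= uio->uio_resid);`, both `rlen` and `flen` are `size_t`, so the subtraction wraps if a caller ever passes `flen > rlen`. The assertion would then most likely still fire, but its message would point at `uio_resid` rather than at the bad `flen`. Consider asserting the precondition directly first, for example `MPASS(flen <= rlen);`, so that the new comment's statement that rlen includes flen is itself checked.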
@@ -192,6 +193,14 @@ ttyinq_read_uio(struct ttyinq *ti, struct tty *tp, struct uio *uio,
 		MPASS(clen >= flen);
 		rlen -= clen;
 
+		/*
+		 * Caller shouldn't request that we trim anything if we might be
+		 * reading across blocks.  We could handle it, but today we do
+		 * not.
+		 */
+		if (flen > 0)
+			MPASS(rlen == 0);
+
 		/*
 		 * We can prevent buffering in some cases:
 		 * - We need to read the block until the end.
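Review bot: The added `if (flen > 0)` has an assertion as its only body; `MPASS(flen == 0 || rlen == 0);` states the same condition in one line and leaves no empty conditional behind in builds where assertions are compiled out. The commit message says the multi-block case would drop `flen` bytes from every block, and this check is the only thing standing in for handling it, so the single-block restriction on a non-zero `flen` is also worth stating where callers of `ttyinq_read_uio` will see it, not only in a comment inside the loop.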
