diff options
| author | Konstantin Belousov <kib@FreeBSD.org> | 2021-02-15 03:34:06 +0000 |
|---|---|---|
| committer | Konstantin Belousov <kib@FreeBSD.org> | 2021-02-23 11:21:00 +0000 |
| commit | 4b737a9c58cac69008f189cc44e7d1a81a0b601c (patch) | |
| tree | 8954bfe4e0b3e25af3961183000601074a5803d2 | |
| parent | d7296b893969c3e77df8bdd001b008050d974c11 (diff) | |
| download | src-4b737a9c58cac69008f189cc44e7d1a81a0b601c.tar.gz src-4b737a9c58cac69008f189cc44e7d1a81a0b601c.zip | |
pgcache read: protect against reads past end of the vm object size
PR: 253158
Approved by: re (gjb)
(cherry picked from commit c61fae1475f1864dc4bba667b642f279afd44855)
| -rw-r--r-- | sys/kern/vfs_vnops.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c index 6c6727c7f372..1e52a797a1f7 100644 --- a/sys/kern/vfs_vnops.c +++ b/sys/kern/vfs_vnops.c @@ -951,6 +951,10 @@ vn_read_from_obj(struct vnode *vp, struct uio *uio) #else vsz = atomic_load_64(&obj->un_pager.vnp.vnp_size); #endif + if (uio->uio_offset >= vsz) { + error = EJUSTRETURN; + goto out; + } if (uio->uio_offset + resid > vsz) resid = vsz - uio->uio_offset; |