authorKonstantin Belousov <kib@FreeBSD.org>2021-02-15 03:34:06 +0000
committerKonstantin Belousov <kib@FreeBSD.org>2021-02-16 05:09:37 +0000
commitc61fae1475f1864dc4bba667b642f279afd44855 (patch)
treec87960f55733cebfe3de23f2ea7567a1d44a968c /sys
parent184c1b943937986c81e1996d999d21626ec7a4ff (diff)
downloadsrc-c61fae1475f1864dc4bba667b642f279afd44855.tar.gz
src-c61fae1475f1864dc4bba667b642f279afd44855.zip
pgcache read: protect against reads past end of the vm object size
If uio_offset is past end of the object size, calculated resid is negative. Delegate handling this case to the locked read, as any other non-trivial situation. PR: 253158 Reported by: Harald Schmalzbauer <bugzilla.freebsd@omnilan.de> Tested by: cy Sponsored by: The FreeBSD Foundation MFC after: 1 week
Diffstat (limited to 'sys')
-rw-r--r--sys/kern/vfs_vnops.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index f8943b3c07e7..71dd379558cb 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -950,6 +950,10 @@ vn_read_from_obj(struct vnode *vp, struct uio *uio)
#else
vsz = atomic_load_64(&obj->un_pager.vnp.vnp_size);
#endif
+ if (uio->uio_offset >= vsz) {
+ error = EJUSTRETURN;
+ goto out;
+ }
if (uio->uio_offset + resid > vsz)
resid = vsz - uio->uio_offset;
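Review bot: The added guard on `uio->uio_offset >= vsz` has no comment, and nothing in the hunk says that `EJUSTRETURN` is used here as a fall-back signal rather than a failure; only the commit message explains that. I would add above the `if`: `/* At or past the object size resid would be <= 0 below; let the locked read handle it. */`. The `>=` also sends the exact end-of-object case, where resid would be 0 rather than negative, to the locked path, which goes slightly beyond the "past end" wording in the description and is worth stating in that comment. The `out` label and the rest of vn_read_from_obj are outside the hunk, so confirm against the full function that the cleanup at `out` is safe to reach this early and that the caller treats EJUSTRETURN as "retry under the lock".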