Allow negative aio_offset only for the read and write LIO ops on device nodes.
ClosedPublic
Actions

Authored by kib on Jun 18 2017, 8:27 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Fri, Nov 7, 6:11 AM

	Unknown Object (File)
	Fri, Nov 7, 6:11 AM

	Unknown Object (File)
	Fri, Nov 7, 1:33 AM

	Unknown Object (File)
	Thu, Nov 6, 9:09 PM

	Unknown Object (File)
	Mon, Nov 3, 8:42 PM

	Unknown Object (File)
	Fri, Oct 31, 9:06 AM

	Unknown Object (File)
	Wed, Oct 29, 8:14 PM

	Unknown Object (File)
	Mon, Oct 20, 9:01 AM

View All 70 Files

Subscribers

imp

pho

Details

Reviewers

jhb

Commits

rS320108: Allow negative aio_offset only for the read and write LIO ops on

Summary

Otherwise, the current check of aio_offset == -1LL makes it possible to pass negative file offsets down to the filesystems. This trips assertions and is even unsafe for e.g. FFS which keeps metadata at negative offsets.

Test Plan

Peter Holm found this with fuzzing and confirmed that the issue is fixed. He also run AIO regression tests.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

kib created this revision.Jun 18 2017, 8:27 PM

Herald added a subscriber: imp. · View Herald TranscriptJun 18 2017, 8:27 PM

jhb accepted this revision.Jun 19 2017, 2:23 PM

This revision is now accepted and ready to land.Jun 19 2017, 2:23 PM

Closed by commit rS320108: Allow negative aio_offset only for the read and write LIO ops on (authored by kib). · Explain WhyJun 19 2017, 3:17 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

head/

sys/

kern/

vfs_aio.c

4 lines

Diff 29812

View Options

Allow negative aio_offset only for the read and write LIO ops on device nodes.ClosedPublicActions