Page MenuHomeFreeBSD
Differential D49674

copy_file_range: Fix overlap checking
ClosedPublic
Actions

Authored by markj on Apr 5 2025, 4:40 PM.
Tags
None
Referenced Files
F132445124: D49674.id153183.diff
Fri, Oct 17, 12:24 AM
Unknown Object (File)
Fri, Oct 10, 4:26 PM
Unknown Object (File)
Sat, Oct 4, 12:47 AM
Unknown Object (File)
Fri, Oct 3, 5:25 PM
Unknown Object (File)
Fri, Oct 3, 5:11 AM
Unknown Object (File)
Fri, Oct 3, 5:01 AM
Unknown Object (File)
Fri, Oct 3, 4:56 AM
Unknown Object (File)
Sat, Sep 27, 6:20 AM
View All 68 Files
Subscribers
imp
olce

Details

Reviewers
rmacklem
kib
Commits
rGfb405ecd9f52: copy_file_range: Fix overlap checking
rG1101d628223d: copy_file_range: Fix overlap checking
Summary

The check for range overlap did not correctly handle negative offests,
as the addition inoff + len is promoted to an unsigned type. Moreover,
the range-locking code did not check for overflow.

Add some checks to make sure the ranges are valid. vn_copy_file_range()
has weaker checks: it also returns an error for a negative offset, but
overflow results in the copy length being truncated. Is this behaviour
required for compatibility with Linux?

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.Apr 5 2025, 4:40 PM
Herald added subscribers: olce, imp. · View Herald TranscriptApr 5 2025, 4:40 PM
markj requested review of this revision.Apr 5 2025, 4:40 PM
Harbormaster completed remote builds in B63336: Diff 153178.Apr 5 2025, 4:40 PM
rmacklem added inline comments.Apr 5 2025, 4:57 PM
sys/kern/vfs_syscalls.c
5087

The "len" argument is often just SSIZE_MAX to
copy to EOF on the input file, so I think truncation
of "off + len" to OFF_MAX (or whatever it is called?)
when it overflows is correct.

markj updated this revision to Diff 153183.Apr 5 2025, 8:46 PM

Truncate lengths rather than returning an error.

Harbormaster completed remote builds in B63340: Diff 153183.Apr 5 2025, 8:46 PM
markj marked an inline comment as done.Apr 5 2025, 8:46 PM
rmacklem added inline comments.Apr 5 2025, 9:08 PM
sys/kern/vfs_syscalls.c
5087

I think this is ok.

However, rangelocking should handle the
full uint64_t file size, I think? (The argument
is vm_ooffset_t, which appears to be uint64_t.)

If so, since len is already clipped to SSIZE_MAX
above here in the code, this clipping should not
be needed, I think?

markj added inline comments.Apr 7 2025, 12:20 PM
sys/kern/vfs_syscalls.c
5087

You're right. I was also concerned about overflow in the check immediately below in the invp == outvp case, but clamping len to SSIZE_MAX is sufficient there too.

markj updated this revision to Diff 153238.Apr 7 2025, 12:20 PM

Remove unnecessary clamping.

Harbormaster completed remote builds in B63368: Diff 153238.Apr 7 2025, 12:20 PM
rmacklem accepted this revision.Apr 7 2025, 12:28 PM

This looks fine to me.

This revision is now accepted and ready to land.Apr 7 2025, 12:28 PM
Closed by commit rG1101d628223d: copy_file_range: Fix overlap checking (authored by markj). · Explain WhyApr 7 2025, 2:11 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rG1101d628223d: copy_file_range: Fix overlap checking.
markj added a commit: rGfb405ecd9f52: copy_file_range: Fix overlap checking.Apr 24 2025, 1:21 PM

Revision Contents
Changeset List

PathSize
sys/
kern/
9 lines

Diff 153243

View Options

sys/kern/vfs_syscalls.c

Loading...