
vfs_syscalls.c: Fix handling of offset arguments for copy_file_range
Closed, Public

Authored by rmacklem on Aug 9 2025, 2:34 PM.

Details

Summary

Commit 197997a broke handling of the offset
arguments to copy_file_range() when specified non-NULL.
The code fails to update the offsets and, as such, a loop like:

do {
	len = copy_file_range(infd, &inpos, outfd, &outpos, SSIZE_MAX, 0);
} while (len > 0);

becomes an infinite loop, just doing the same copy over and
over again.

This patch fixes it.

The clause "(foffsets_locked || foffsets_set)" is not actually
needed for correctness, but I thought it made the code
a little more readable and might avoid some static
analyzer from throwing a "use before being set" for
the savinoff and savoutoff variables.
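Added example, not code from this review or from the FreeBSD tree: a copy loop that uses the explicit (non-NULL) offset arguments the summary is about, and that refuses to spin if the kernel reports progress without advancing the offsets, which is exactly how the bug described above would show up to a caller. The function names `copy_range_checked`, `copy_range_fallback` and `copy_file_range_offsets_selftest`, the 1 MiB request size instead of the summary's SSIZE_MAX, and the pread/pwrite fallback for kernels or file systems that reject copy_file_range(2) are all choices made here for illustration; the 4 KiB payload is constructed by the self-test.

```c
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * Copy from infd at byte offset inpos to outfd at byte offset outpos until
 * EOF, using the explicit (non-NULL) offset arguments of copy_file_range(2).
 * Returns bytes copied, or -1 with errno set. Besides stopping on a 0 return
 * (EOF), the loop checks that the kernel advanced both offsets by exactly the
 * count it reported: a kernel that reports progress but leaves the offsets
 * untouched would otherwise re-copy the same range forever.
 */
static ssize_t
copy_range_checked(int infd, off_t inpos, int outfd, off_t outpos)
{
	const size_t chunk = 1 << 20;	/* bounded request; the kernel may copy less */
	ssize_t n, total = 0;
	off_t in_before, out_before;

	for (;;) {
		in_before = inpos;
		out_before = outpos;
		n = copy_file_range(infd, &inpos, outfd, &outpos, chunk, 0);
		if (n < 0) {
			if (errno == EINTR)
				continue;
			return (-1);
		}
		if (n == 0)
			break;
		if (inpos != in_before + n || outpos != out_before + n) {
			/* Progress reported but offsets not advanced: refuse to spin. */
			errno = EIO;
			return (-1);
		}
		total += n;
	}
	return (total);
}

/* Fallback for kernels or file systems that refuse copy_file_range(). */
static ssize_t
copy_range_fallback(int infd, off_t inpos, int outfd, off_t outpos)
{
	char buf[65536];
	ssize_t r, total = 0;

	while ((r = pread(infd, buf, sizeof(buf), inpos)) > 0) {
		if (pwrite(outfd, buf, (size_t)r, outpos) != r)	/* regular file: short write is an error here */
			return (-1);
		inpos += r; outpos += r; total += r;
	}
	return (r < 0 ? -1 : total);
}

/*
 * Self-check: fill a temp file with a constructed 4 KiB pattern, copy it from
 * byte offset `skip` to the start of a second temp file, and compare.
 * Returns 1 if the copy matches, 0 if it does not, -1 on a system error.
 */
int
copy_file_range_offsets_selftest(off_t skip)
{
	char inpath[] = "/tmp/cfr_in.XXXXXX", outpath[] = "/tmp/cfr_out.XXXXXX";
	char data[4096], back[4096];
	int infd, outfd, rc = -1;
	ssize_t n;

	for (size_t i = 0; i < sizeof(data); i++)
		data[i] = (char)('a' + i % 26);		/* constructed payload */
	infd = mkstemp(inpath);
	outfd = mkstemp(outpath);
	if (infd < 0 || outfd < 0)
		goto out;
	unlink(inpath);		/* the open descriptors keep both files alive */
	unlink(outpath);
	if (pwrite(infd, data, sizeof(data), 0) != (ssize_t)sizeof(data))
		goto out;
	n = copy_range_checked(infd, skip, outfd, 0);
	if (n < 0 && (errno == ENOSYS || errno == EXDEV || errno == EINVAL ||
	    errno == EOPNOTSUPP))
		n = copy_range_fallback(infd, skip, outfd, 0);
	if (n >= 0)
		rc = (n == (off_t)sizeof(data) - skip &&
		    pread(outfd, back, sizeof(back), 0) == n &&
		    memcmp(back, data + skip, (size_t)n) == 0) ? 1 : 0;
out:
	if (infd >= 0) close(infd);
	if (outfd >= 0) close(outfd);
	return (rc);
}
```

Calling `copy_file_range_offsets_selftest(1000)` on a kernel that updates the offset arguments returns 1. On a kernel with the behaviour the summary describes (offsets left where they were), `copy_range_checked` sees `inpos` unchanged after a positive return, fails with EIO, and the self-test reports -1 instead of copying the same 3096 bytes forever; the offset check is what turns the infinite loop into a visible error.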

Test Plan

Tested with a little program that has the do loop
mentioned in the summary.

The good news is that all the uses of copy_file_range()
in /usr/src pass in NULL offset arguments, so they were
not broken.

The not so good news is that this bug made it out into
14.3.

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

> The not so good news is that this bug made it out into 14.3.

I'll submit an EN since this is my bug (unless you'd really like to).

This revision is now accepted and ready to land. (Aug 9 2025, 9:01 PM)

>> The not so good news is that this bug made it out into 14.3.
>
> I'll submit an EN since this is my bug (unless you'd really like to).

You are more than welcome to do so.
I'll give it a 2-week MFC and you'll see it go into stable/14 in two weeks.

>>> The not so good news is that this bug made it out into 14.3.
>>
>> I'll submit an EN since this is my bug (unless you'd really like to).
>
> You are more than welcome to do so.
> I'll give it a 2-week MFC and you'll see it go into stable/14 in two weeks.

This is now in stable/14 as 2fd0083fcc23, so it's all yours.
Thanks for doing the EN, rick