
sendfile: Ensure that sfio->npages is initialized

Description

sendfile: Ensure that sfio->npages is initialized

We initialize sfio->npages only when some I/O is required to satisfy the
request. However, sendfile_iodone() contains an INVARIANTS-only check
that references sfio->npages, and this check is executed even if no I/O
is performed, so the check may use an uninitialized value.

Fix the problem by initializing sfio->npages earlier. Note that
sendfile_swapin() always initializes the page array. In some rare cases
we need to trim the page array so ensure that sfio->npages gets updated
accordingly.

Reported by: syzkaller (with KASAN)
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D27726
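The failure mode the message describes, reduced to a stand-alone C model. This is an added example, not code from FreeBSD or from this commit: struct sf_io_model, struct page_cache, sfio_swapin_buggy, sfio_swapin_fixed, sfio_iodone_check, run_request and the poison fill are hypothetical stand-ins, the real sendfile_iodone() check is not reproduced, and the page-cache contents fed to the wrappers are constructed inputs. The "before" variant writes npages only when some page has to be read in, while the completion-side check reads npages on every request, so a fully resident request leaves the check looking at whatever was in memory. The "after" variant sets npages before any branch and rewrites it when the request is trimmed at EOF, so the count and the page array stay in step.

```c
/* Added model of the defect; hypothetical names, not FreeBSD's sendfile code. */
#include <stdbool.h>
#include <string.h>

#define MAX_PAGES 8
#define POISON_BYTE 0xA5                /* fill pattern standing in for stale memory */
#define POISON_NPAGES ((int)0xA5A5A5A5) /* what an int reads back as after that fill */

/* Constructed page-cache state: resident pages, and file length in pages
 * (indices at or past file_npages are beyond EOF). */
struct page_cache { bool resident[MAX_PAGES]; int file_npages; };

/* Stand-in for the I/O descriptor: the page array that swap-in always fills,
 * plus the count that the completion-side check reads. */
struct sf_io_model { int npages; int pages[MAX_PAGES]; };

/* Trim a request at EOF; returns how many pages it really covers. */
static int trim_to_eof(const struct page_cache *pc, int first, int count)
{
    int n = count;
    if (first + n > pc->file_npages)
        n = pc->file_npages - first;
    return n < 0 ? 0 : n;
}

/* Always fills the page array; reports whether any page must be read in. */
static bool fill_pages(struct sf_io_model *sfio, const struct page_cache *pc,
                       int first, int n)
{
    bool io_needed = false;
    for (int i = 0; i < n; i++) {
        sfio->pages[i] = first + i;
        if (!pc->resident[first + i])
            io_needed = true;
    }
    return io_needed;
}

/* "Before" shape: npages is written only on the path that issues I/O. */
static void sfio_swapin_buggy(struct sf_io_model *sfio,
                              const struct page_cache *pc, int first, int count)
{
    int n = trim_to_eof(pc, first, count);
    if (fill_pages(sfio, pc, first, n))
        sfio->npages = n;               /* skipped when every page is resident */
}

/* "After" shape: set npages before any branch, and update it whenever the
 * page array is trimmed so the two stay in step. */
static void sfio_swapin_fixed(struct sf_io_model *sfio,
                              const struct page_cache *pc, int first, int count)
{
    int n;
    sfio->npages = count;
    n = trim_to_eof(pc, first, count);
    if (n != count)
        sfio->npages = n;
    (void)fill_pages(sfio, pc, first, n);
}

/* Completion-side check, run whether or not I/O happened (the role of the
 * INVARIANTS-only check); false stands for a KASSERT failure or KASAN report. */
static bool sfio_iodone_check(const struct sf_io_model *sfio)
{
    if (sfio->npages < 0 || sfio->npages > MAX_PAGES)
        return false;
    for (int i = 0; i < sfio->npages; i++)
        if (sfio->pages[i] < 0 || sfio->pages[i] >= MAX_PAGES)
            return false;
    return true;
}

/* Run one request through the chosen variant on a poisoned descriptor; returns
 * the npages the completion check observed, *ok gets the check's verdict. */
static int run_request(bool fixed, int file_npages, unsigned resident_mask,
                       int first, int count, bool *ok)
{
    struct page_cache pc = { .file_npages = file_npages };
    struct sf_io_model sfio;
    *ok = false;
    if (first < 0 || count < 0 || count > MAX_PAGES)
        return -1;
    for (int i = 0; i < MAX_PAGES; i++)
        pc.resident[i] = (resident_mask >> i) & 1;
    memset(&sfio, POISON_BYTE, sizeof(sfio));   /* imitate stale memory */
    if (fixed)
        sfio_swapin_fixed(&sfio, &pc, first, count);
    else
        sfio_swapin_buggy(&sfio, &pc, first, count);
    *ok = sfio_iodone_check(&sfio);
    return sfio.npages;
}

/* Wrappers so each outcome is a single return value. */
static int npages_seen(bool fixed, int file_np, unsigned mask, int first, int count)
{ bool ok; return run_request(fixed, file_np, mask, first, count, &ok); }
static bool check_passes(bool fixed, int file_np, unsigned mask, int first, int count)
{ bool ok; (void)run_request(fixed, file_np, mask, first, count, &ok); return ok; }
```

The poison fill is what makes the defect visible offline: for a four-page file with every page resident (mask 0x0F), npages_seen(false, 4, 0x0F, 0, 4) returns the poison value and check_passes(false, ...) is false, while the fixed variant returns 4 and passes; a six-page request against the same file is trimmed to 4 and the fixed variant reports 4. With a page that is not resident the buggy variant happens to set npages and the check passes, which is why a test suite that always exercises the I/O path would not catch it. In the real kernel the corresponding signal came from KASAN under syzkaller, per the Reported-by line.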

Details

Provenance: markj, authored on Dec 26 2020, 9:07 PM
Reviewer: kib
Differential Revision: D27726: sendfile: Ensure that sfio->npages is initialized
Parents: rG5d58f959d39b: jail: Fix lock-free access to dynamic pr.allow flags