fcntl: fix overflow when setting F_READAHEAD

Description

VOP_READ and VOP_WRITE take the seqcount in blocks in a 16-bit field.
However, fcntl allows you to set the seqcount in bytes to any nonnegative
31-bit value. The result can be a 16-bit overflow, which will be
sign-extended in functions like ffs_read. Fix this by sanitizing the
argument in kern_fcntl. As a matter of policy, limit to IO_SEQMAX rather
than INT16_MAX.

Also, fifos have overloaded the f_seqcount field for a completely different
purpose ever since r238936. Formalize that by using a union type.

Reviewed by: cem
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D20710
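
A user-space model of the overflow described in the commit message, added here as an example and not taken from the FreeBSD commit. It rounds a byte count up to blocks, pushes it through a 16-bit field with sign extension, and compares that with a clamp to IO_SEQMAX. The function names, block sizes and sample arguments are assumptions; the IO_SEQMAX value 0x7F is the one in FreeBSD's sys/vnode.h and is not stated on this page.

```c
#include <stdint.h>
#include <stdio.h>

#define IO_SEQMAX 0x7F  /* assumed here: value from FreeBSD's sys/vnode.h */

/* Round a byte count up to whole blocks (64-bit math, so no int overflow). */
static int64_t bytes_to_blocks(int32_t arg_bytes, int32_t bsize)
{
    return ((int64_t)arg_bytes + bsize - 1) / bsize;
}

/* Store a value in a 16-bit field, then read it back sign-extended. */
static int through_16bit_field(int64_t blocks)
{
    uint16_t raw = (uint16_t)blocks;    /* truncation to 16 bits */
    return (raw & 0x8000) ? (int)raw - 0x10000 : (int)raw;
}

/* Model of the unsanitized path: the block count goes straight into the field. */
int seqcount_unsanitized(int32_t arg_bytes, int32_t bsize)
{
    return through_16bit_field(bytes_to_blocks(arg_bytes, bsize));
}

/* Model of the sanitized path: clamp to IO_SEQMAX before storing. */
int seqcount_sanitized(int32_t arg_bytes, int32_t bsize)
{
    int64_t blocks = bytes_to_blocks(arg_bytes, bsize);
    if (blocks > IO_SEQMAX)
        blocks = IO_SEQMAX;
    return through_16bit_field(blocks);
}

int main(void)
{
    /* Constructed sample arguments, all valid nonnegative 31-bit values. */
    const int32_t args[] = { 65536, 200 * 1024 * 1024, 1 << 30, INT32_MAX };
    const int32_t bsize = 4096;         /* hypothetical I/O block size */

    for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++)
        printf("%10d bytes: unsanitized %6d, sanitized %3d\n", (int)args[i],
            seqcount_unsanitized(args[i], bsize),
            seqcount_sanitized(args[i], bsize));
    return 0;
}
```

Depending on the argument, the unclamped value either goes negative or wraps to a small number; the clamped value stays within 0..IO_SEQMAX for every input.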

Details

Provenance
Author: asomers
Reviewer: cem
Differential Revision: D20710: fcntl: fix overflow when setting F_READAHEAD
Parents: rS349247: fusefs: attempt to support servers as old as protocol 7.4