vop_stdadvise(): restore correct handling of length == 0
ClosedPublic
Actions

Authored by kib on Sep 3 2024, 4:27 AM.

Details

Reviewers

tmunro
markj

Commits

rG79eba754bec3: vop_stdadvise(): restore correct handling of length == 0

Summary

Switch to unsigned arithmetic to handle overflow not relying on -fwrap,
and specially treat the case of length == 0 from posix_fadvise() which
passes OFF_MAX as the end to VOP.  There, roundup() overflows and -fwrap
causes bend and endn become negative.  Clamp them at OFF_MAX/bsize
instead.

Also remove locals with single use, and move calculations from under bo
lock.

Reported by:    tmunro

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

kib created this revision.Sep 3 2024, 4:27 AM

Herald added subscribers: olce, imp. · View Herald TranscriptSep 3 2024, 4:27 AM

kib requested review of this revision.Sep 3 2024, 4:27 AM

markj accepted this revision.Sep 3 2024, 12:53 PM

markj added inline comments.

sys/kern/vfs_default.c
1122

This revision is now accepted and ready to land.Sep 3 2024, 12:53 PM

kib marked an inline comment as done.Sep 3 2024, 9:34 PM

tmunro added inline comments.Sep 4 2024, 6:04 AM

sys/kern/vfs_default.c
1119	I don't think we need this "Restore length" hunk. The round_page() call always just adds one to OFF_MAX (0x7fffffffffffffff -> 0x8000000000000000), so the change to uintmax_t is enough to make the existing endn = bend / bsize produce a correct positive answer.