Date: Wed, 2 Oct 2019 15:45:49 +0000 (UTC)
From: Mark Johnston <markj@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r353010 - head/sys/kern
Message-ID: <201910021545.x92Fjntm031994@repo.freebsd.org>
Author: markj Date: Wed Oct 2 15:45:49 2019 New Revision: 353010 URL: https://svnweb.freebsd.org/changeset/base/353010 Log: Disallow fcntl(F_READAHEAD) when the vnode is not a regular file. The mountpoint may not have defined an iosize parameter, so an attempt to configure readahead on a device file can lead to a divide-by-zero crash. The sequential heuristic is not applied to I/O to or from device files, and posix_fadvise(2) returns an error when v_type != VREG, so perform the same check here. Reported by: syzbot+e4b682208761aa5bc53a@syzkaller.appspotmail.com Reviewed by: kib MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D21864 Modified: head/sys/kern/kern_descrip.c Modified: head/sys/kern/kern_descrip.c ============================================================================== --- head/sys/kern/kern_descrip.c Wed Oct 2 15:19:39 2019 (r353009) +++ head/sys/kern/kern_descrip.c Wed Oct 2 15:45:49 2019 (r353010) @@ -788,6 +788,12 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_ break; } vp = fp->f_vnode; + if (vp->v_type != VREG) { + fdrop(fp, td); + error = ENOTTY; + break; + } + /* * Exclusive lock synchronizes against f_seqcount reads and * writes in sequential_heuristic().
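Review bot: The added `if (vp->v_type != VREG)` block in kern_fcntl() carries no comment saying why non-regular vnodes are rejected, and the only comment nearby (the "Exclusive lock synchronizes..." block that follows) is about locking, not about the type check. The reasoning lives only in the commit log: the mount point may not define iosize, so configuring readahead on a device file can divide by zero. A one-line comment above the check recording that would keep a later reader from treating it as redundant and removing it. The errno choice also deserves a word: the log says posix_fadvise(2) returns an error for the same condition but does not say whether it is also ENOTTY, so either state that the two agree or explain why they differ. Since userland can now see a new failure from fcntl(F_READAHEAD), the manual page should list it. The error path itself looks right as far as the visible lines show: `fdrop(fp, td)` is called before `break`, so the file reference is released.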