From nobody Sun Dec 31 23:57:52 2023
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4T3GJd05LZz55cLJ;
	Sun, 31 Dec 2023 23:57:53 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4T3GJc6gNqz4Qrg;
	Sun, 31 Dec 2023 23:57:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1704067072;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=dF8WuFHLI7OoD8onfRJyx4/0ljwKUQJ0aWJIHjU9ar4=;
	b=sOLVWuaZTIo6xygf6umIO2I7EVO49Aj/pkCFl5Hf4/11Xmzo/cdqyCBPLpVJpshaRb7CvK
	AF/bfmtZ5RDJRmXPvSmTWwYCEVFOrBxNdtNaubTaWLzVYACRD+WJWVUzf509EGhDrWvbQp
	G9wBgjb6ZSbGU9unP4IDUj2HaRMEqQf9Z09q+NcDU0UA1Ab+8xN3oRzPQ3wsidUOhH0xVH
	5S0wEaIpF2iJhhJFPwVqp+oUAsX36kyT3UKXSMkYT9FIpd0j0Tb8wPYNLpXoRS+3N6+1Y3
	6Ft+o0g6uaPr9v6xOLWOqTOKwExCtfh3yVlpdhoaqBb3FUEcd4dLykDJGBonxw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1704067072; a=rsa-sha256; cv=none;
	b=XmlkAc01EUYtKBlQU/VOsyKXMpx/0ISHYs03ArKYmIEI0ov56oxpNjL4L+Xb40vbalj2H0
	dRzsM3KrqfMt1ATjY6skatAPiE2cERXX13slebxandtkVBSbzpdCrYpdtbGpI/zuKan5JE
	Ubaqu1fzmzV51WDTP64E14yLhUoz0Lih64GMevRsYkUdd6If8zqM2llE4aJrofIWLFsyba
	ZlDrucM4+2Jya7wzQmq7DFFqlHbsnpZP4fMbgeGr/N6jbx/wX6Ss8JNqtsmoQpluB/X5G3
	8pNv3x8VLVYMTsNjnX/PtXTSqKdyNFP87lphHWo4Ba4WI53K+qFEMHI3ItWvPA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1704067072;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=dF8WuFHLI7OoD8onfRJyx4/0ljwKUQJ0aWJIHjU9ar4=;
	b=fMuBEHRpcglY4pOfz+4jxvYMBwVAqvPtAs8BD3CVI6/KXeLE19NhpThg/lkCKQCqThw1Uu
	3oWxjlU21N46MWq4O//juQwtjtFnNpePKFfe7yszag+Aiu9EnJkHV/0BofJ2obMGzSuQpq
	jaqYtAyi8DQqYic9MsngEqveagShdeRd/gqrjBLzBdwZ6AUUTSj9DV74Nc0MFf6MUr+ato
	J1gdmYpeyu2AWnzRYxfnaQCBRW/f5FccdgQk9IxUNnKt13AxcDLVUyoNfu2QKPaMt6Pylx
	7MGjY/j8NFJni8at1QyjB9cRrTWmCtR5f5zZFbRviBSIflHSyZQ6mwXZXjLixw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4T3GJc5QhnzvGM;
	Sun, 31 Dec 2023 23:57:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3BVNvqoK097361;
	Sun, 31 Dec 2023 23:57:52 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3BVNvq4c097358;
	Sun, 31 Dec 2023 23:57:52 GMT
	(envelope-from git)
Date: Sun, 31 Dec 2023 23:57:52 GMT
Message-Id: <202312312357.3BVNvq4c097358@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 2319ca6a0181 - main - vfs_vnops.c: Fix
  vn_generic_copy_file_range() for truncation
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 2319ca6a01816f7fc85d623097c639f239e18c6a
Auto-Submitted: auto-generated

The branch main has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=2319ca6a01816f7fc85d623097c639f239e18c6a

commit 2319ca6a01816f7fc85d623097c639f239e18c6a
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2023-12-31 23:55:24 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2023-12-31 23:55:24 +0000

    vfs_vnops.c: Fix vn_generic_copy_file_range() for truncation
    
    When copy_file_range(2) was first being developed,
    *inoffp + len had to be <= infile_size or an error was
    returned. This semantic (as defined by Linux) changed
    to allow *inoffp + len to be greater than infile_size and
    the copy would end at *inoffp + infile_size.
    
    Unfortunately, the code that decided if the outfd should
    be truncated in length did not get updated for this
    semantics change.
    As such, if a copy_file_range(2) is done, where infile_size - *inoffp
    is less that outfile_size but len is large, the outfd file is truncated
    when it should not be. (The semantics for this for Linux is to not
    truncate outfd in this case.)
    
    This patch fixes the problem. I believe the calculation is safe
    for all non-negative values of outsize, *outoffp, *inoffp and insize,
    which should be ok, since they are all guaranteed to be non-negative.
    
    Note that this bug is not observed over NFSv4.2, since it truncates
    len to infile_size - *inoffp.
    
    PR:     276045
    Reviewed by:    asomers, kib
    MFC after:      3 days
    Differential Revision:  https://reviews.freebsd.org/D43258
---
 sys/kern/vfs_vnops.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index 7fe861ccaee7..1852f2b1ef00 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -3361,8 +3361,7 @@ vn_generic_copy_file_range(struct vnode *invp, off_t *inoffp,
 		goto out;
 	if (VOP_PATHCONF(invp, _PC_MIN_HOLE_SIZE, &holein) != 0)
 		holein = 0;
-	if (holein > 0)
-		error = vn_getsize_locked(invp, &insize, incred);
+	error = vn_getsize_locked(invp, &insize, incred);
 	VOP_UNLOCK(invp);
 	if (error != 0)
 		goto out;
@@ -3398,7 +3397,11 @@ vn_generic_copy_file_range(struct vnode *invp, off_t *inoffp,
 		 */
 		if (error == 0)
 			error = vn_getsize_locked(outvp, &outsize, outcred);
-		if (error == 0 && outsize > *outoffp && outsize <= *outoffp + len) {
+		if (error == 0 && outsize > *outoffp &&
+		    *outoffp <= OFF_MAX - len && outsize <= *outoffp + len &&
+		    *inoffp < insize &&
+		    *outoffp <= OFF_MAX - (insize - *inoffp) &&
+		    outsize <= *outoffp + (insize - *inoffp)) {
 #ifdef MAC
 			error = mac_vnode_check_write(curthread->td_ucred,
 			    outcred, outvp);