Date: Wed, 3 Jan 2024 01:36:35 GMT
Message-Id: <202401030136.4031aZIG006649@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Rick Macklem
Subject: git: e7044084cf81 - stable/13 - vfs_vnops.c: Fix vn_generic_copy_file_range() for truncation
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: e7044084cf813bfb66cbea8e9278895b26eda5d2
Auto-Submitted: auto-generated

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=e7044084cf813bfb66cbea8e9278895b26eda5d2

commit e7044084cf813bfb66cbea8e9278895b26eda5d2
Author: Rick Macklem
AuthorDate: 2023-12-31 23:55:24 +0000
Commit: Rick Macklem
CommitDate: 2024-01-03 01:34:31 +0000

vfs_vnops.c: Fix vn_generic_copy_file_range() for truncation

When copy_file_range(2) was first being developed, *inoffp + len had to be <= infile_size or an error was returned. This semantic (as defined by Linux) changed to allow *inoffp + len to be greater than infile_size and the copy would end at *inoffp + infile_size.

Unfortunately, the code that decided if the outfd should be truncated in length did not get updated for this semantics change. As such, if a copy_file_range(2) is done, where infile_size - *inoffp is less than outfile_size but len is large, the outfd file is truncated when it should not be. (The semantics for this for Linux is to not truncate outfd in this case.)

This patch fixes the problem. I believe the calculation is safe for all non-negative values of outsize, *outoffp, *inoffp and insize, which should be ok, since they are all guaranteed to be non-negative.

Note that this bug is not observed over NFSv4.2, since it truncates len to infile_size - *inoffp.

PR: 276045 (cherry picked from commit 2319ca6a01816f7fc85d623097c639f239e18c6a) --- sys/kern/vfs_vnops.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c index e720ef151c9e..f5961a33f960 100644 --- a/sys/kern/vfs_vnops.c +++ b/sys/kern/vfs_vnops.c @@ -3318,8 +3318,7 @@ vn_generic_copy_file_range(struct vnode *invp, off_t *inoffp, goto out; if (VOP_PATHCONF(invp, _PC_MIN_HOLE_SIZE, &holein) != 0) holein = 0; - if (holein > 0) - error = VOP_GETATTR(invp, &inva, incred); + error = VOP_GETATTR(invp, &inva, incred); VOP_UNLOCK(invp); if (error != 0) goto out; @@ -3355,8 +3354,11 @@ vn_generic_copy_file_range(struct vnode *invp, off_t *inoffp, */ if (error == 0) error = VOP_GETATTR(outvp, &va, outcred); - if (error == 0 && va.va_size > *outoffp && va.va_size <= - *outoffp + len) { + if (error == 0 && va.va_size > *outoffp && + *outoffp <= OFF_MAX - len && va.va_size <= *outoffp + len && + *inoffp < inva.va_size && + *outoffp <= OFF_MAX - (inva.va_size - *inoffp) && + outsize <= *outoffp + (inva.va_size - *inoffp)) { #ifdef MAC error = mac_vnode_check_write(curthread->td_ucred, outcred, outvp);
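
Review bot: in the first hunk (@@ -3318), dropping the "if (holein > 0)" guard makes the VOP_GETATTR(invp, &inva, incred) call unconditional, so a getattr failure on the input vnode now reaches "goto out" even when VOP_PATHCONF reported no hole support, and nothing at the call site says why the call is always needed. Suggest a short comment there stating that inva.va_size is now consumed by the truncation test in the second hunk, so that a later cleanup does not restore the guard and leave inva unset for that test.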
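
Review bot: in the second hunk (@@ -3355), the last clause of the new condition tests outsize while the earlier clauses test va.va_size from the VOP_GETATTR(outvp, &va, outcred) call directly above; the hunk does not show where outsize is assigned, so if it was sampled earlier in the function the two values can disagree. Suggest using va.va_size in that clause as well, or adding a comment that says why outsize is the right value here. The block comment that closes just above the condition is unchanged context, so it should be checked against the new test, which now also depends on inva.va_size - *inoffp and on the two OFF_MAX overflow guards.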