svn commit: r353010 - head/sys/kern
Mark Johnston
markj at FreeBSD.org
Wed Oct 2 15:45:49 UTC 2019
Author: markj
Date: Wed Oct 2 15:45:49 2019
New Revision: 353010
URL: https://svnweb.freebsd.org/changeset/base/353010
Log:
Disallow fcntl(F_READAHEAD) when the vnode is not a regular file.

The mountpoint may not have defined an iosize parameter, so an attempt
to configure readahead on a device file can lead to a divide-by-zero
crash.

The sequential heuristic is not applied to I/O to or from device files,
and posix_fadvise(2) returns an error when v_type != VREG, so perform
the same check here.

Reported by: syzbot+e4b682208761aa5bc53a at syzkaller.appspotmail.com
Reviewed by: kib
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21864
Modified:
head/sys/kern/kern_descrip.c
Modified: head/sys/kern/kern_descrip.c
==============================================================================
--- head/sys/kern/kern_descrip.c Wed Oct 2 15:19:39 2019 (r353009)
+++ head/sys/kern/kern_descrip.c Wed Oct 2 15:45:49 2019 (r353010)
@@ -788,6 +788,12 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_
break;
}
vp = fp->f_vnode;
+ if (vp->v_type != VREG) {
+ fdrop(fp, td);
+ error = ENOTTY;
+ break;
+ }
+
/*
* Exclusive lock synchronizes against f_seqcount reads and
* writes in sequential_heuristic().
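Review bot: The new `if (vp->v_type != VREG)` block returns ENOTTY, while the log justifies the check by pointing at posix_fadvise(2) returning an error for the same condition; it is worth confirming that both calls report the same errno, or saying why they differ, and listing the new failure case in fcntl(2). The check also has no comment, so a one-line note above it that non-regular vnodes may sit on a mount with no iosize defined would keep the reason next to the code. Because the guard tests the vnode type rather than the divisor, a regular file on a mount that leaves iosize at zero would presumably still reach the division, which lies outside this hunk, so a zero check at that site may be worth adding as well.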