Fix found places where uio_resid is truncated to int.

Add the sysctl debug.iosize_max_clamp, enabled by default. Setting the sysctl to zero allows to perform the SSIZE_MAX-sized i/o requests from the usermode. Discussed with: bde, das (previous versions) MFC after: 1 month
svn path=/head/; revision=231949
2012-02-21 01:05:12 +00:00 · 2012-02-21 01:05:12 +00:00 · 526d0bd547 · 2020-12-20 02:59:44 +00:00
commit 526d0bd547
parent 57a82ba4d9
33 changed files with 132 additions and 90 deletions
--- a/sys/cddl/compat/opensolaris/sys/vnode.h
+++ b/sys/cddl/compat/opensolaris/sys/vnode.h
@ -223,7 +223,8 @@ zfs_vn_rdwr(enum uio_rw rw, vnode_t *vp, caddr_t base, ssize_t len,
    ssize_t *residp)
 {
 	struct thread *td = curthread;
-	int error, vfslocked, resid;
+	int error, vfslocked;
+	ssize_t resid;

 	ASSERT(ioflag == 0);
 	ASSERT(ulimit == RLIM64_INFINITY);
--- a/sys/compat/ndis/subr_ndis.c
+++ b/sys/compat/ndis/subr_ndis.c
@ -2862,7 +2862,8 @@ NdisMapFile(status, mappedbuffer, filehandle)
 	struct thread		*td = curthread;
 	linker_file_t		lf;
 	caddr_t			kldstart;
-	int			error, resid, vfslocked;
+	int			error, vfslocked;
+	ssize_t			resid;
 	struct vnode		*vp;

 	if (filehandle == NULL) {
--- a/sys/fs/cd9660/cd9660_vnops.c
+++ b/sys/fs/cd9660/cd9660_vnops.c
@ -318,7 +318,7 @@ cd9660_read(ap)
 	do {
 		lbn = lblkno(imp, uio->uio_offset);
 		on = blkoff(imp, uio->uio_offset);
-		n = min((u_int)(imp->logical_block_size - on),
+		n = MIN((u_int)(imp->logical_block_size - on),
 			uio->uio_resid);
 		diff = (off_t)ip->i_size - uio->uio_offset;
 		if (diff <= 0)
@ -343,7 +343,7 @@ cd9660_read(ap)
 			} else
 				error = bread(vp, lbn, size, NOCRED, &bp);
 		}
-		n = min(n, size - bp->b_resid);
+		n = MIN(n, size - bp->b_resid);
 		if (error) {
 			brelse(bp);
 			return (error);
--- a/sys/fs/devfs/devfs_vnops.c
+++ b/sys/fs/devfs/devfs_vnops.c
@ -1156,7 +1156,8 @@ static int
 devfs_read_f(struct file *fp, struct uio *uio, struct ucred *cred, int flags, struct thread *td)
 {
 	struct cdev *dev;
-	int ioflag, error, ref, resid;
+	int ioflag, error, ref;
+	ssize_t resid;
 	struct cdevsw *dsw;
 	struct file *fpop;

@ -1634,7 +1635,8 @@ static int
 devfs_write_f(struct file *fp, struct uio *uio, struct ucred *cred, int flags, struct thread *td)
 {
 	struct cdev *dev;
-	int error, ioflag, ref, resid;
+	int error, ioflag, ref;
+	ssize_t resid;
 	struct cdevsw *dsw;
 	struct file *fpop;

--- a/sys/fs/ext2fs/ext2_lookup.c
+++ b/sys/fs/ext2fs/ext2_lookup.c
@ -1001,7 +1001,8 @@ ext2_dirempty(ip, parentino, cred)
 	off_t off;
 	struct dirtemplate dbuf;
 	struct ext2fs_direct_2 *dp = (struct ext2fs_direct_2 *)&dbuf;
-	int error, count, namlen;
+	int error, namlen;
+	ssize_t count;
 #define	MINDIRSIZ (sizeof(struct dirtemplate) / 2)

 	for (off = 0; off < ip->i_size; off += dp->e2d_reclen) {
--- a/sys/fs/msdosfs/msdosfs_vnops.c
+++ b/sys/fs/msdosfs/msdosfs_vnops.c
@ -543,7 +543,7 @@ msdosfs_read(ap)
 	int error = 0;
 	int blsize;
 	int isadir;
-	int orig_resid;
+	ssize_t orig_resid;
 	u_int n;
 	u_long diff;
 	u_long on;
@ -643,7 +643,7 @@ msdosfs_write(ap)
 {
 	int n;
 	int croffset;
-	int resid;
+	ssize_t resid;
 	u_long osize;
 	int error = 0;
 	u_long count;
--- a/sys/fs/nfsclient/nfs_clbio.c
+++ b/sys/fs/nfsclient/nfs_clbio.c
@ -570,7 +570,7 @@ ncl_bioread(struct vnode *vp, struct uio *uio, int ioflag, struct ucred *cred)

 		n = 0;
 		if (on < bcount)
-			n = min((unsigned)(bcount - on), uio->uio_resid);
+			n = MIN((unsigned)(bcount - on), uio->uio_resid);
 		break;
 	    case VLNK:
 		NFSINCRGLOBAL(newnfsstats.biocache_readlinks);
@ -589,7 +589,7 @@ ncl_bioread(struct vnode *vp, struct uio *uio, int ioflag, struct ucred *cred)
 			return (error);
 		    }
 		}
-		n = min(uio->uio_resid, NFS_MAXPATHLEN - bp->b_resid);
+		n = MIN(uio->uio_resid, NFS_MAXPATHLEN - bp->b_resid);
 		on = 0;
 		break;
 	    case VDIR:
@ -757,8 +757,8 @@ nfs_directio_write(vp, uiop, cred, ioflag)
 		struct iovec iov;
 do_sync:
 		while (uiop->uio_resid > 0) {
-			size = min(uiop->uio_resid, wsize);
-			size = min(uiop->uio_iov->iov_len, size);
+			size = MIN(uiop->uio_resid, wsize);
+			size = MIN(uiop->uio_iov->iov_len, size);
 			iov.iov_base = uiop->uio_iov->iov_base;
 			iov.iov_len = size;
 			uio.uio_iov = &iov;
@ -806,8 +806,8 @@ nfs_directio_write(vp, uiop, cred, ioflag)
 		 * in NFS directio access.
 		 */
 		while (uiop->uio_resid > 0) {
-			size = min(uiop->uio_resid, wsize);
-			size = min(uiop->uio_iov->iov_len, size);
+			size = MIN(uiop->uio_resid, wsize);
+			size = MIN(uiop->uio_iov->iov_len, size);
 			bp = getpbuf(&ncl_pbuf_freecnt);
 			t_uio = malloc(sizeof(struct uio), M_NFSDIRECTIO, M_WAITOK);
 			t_iov = malloc(sizeof(struct iovec), M_NFSDIRECTIO, M_WAITOK);
@ -1023,7 +1023,7 @@ ncl_write(struct vop_write_args *ap)
 		NFSINCRGLOBAL(newnfsstats.biocache_writes);
 		lbn = uio->uio_offset / biosize;
 		on = uio->uio_offset & (biosize-1);
-		n = min((unsigned)(biosize - on), uio->uio_resid);
+		n = MIN((unsigned)(biosize - on), uio->uio_resid);
 again:
 		/*
 		 * Handle direct append and file extension cases, calculate
@ -1572,7 +1572,7 @@ ncl_doio(struct vnode *vp, struct buf *bp, struct ucred *cr, struct thread *td,
 			 * writes, but that is not possible any longer.
 			 */
 			int nread = bp->b_bcount - uiop->uio_resid;
-			int left  = uiop->uio_resid;
+			ssize_t left = uiop->uio_resid;

 			if (left > 0)
 				bzero((char *)bp->b_data + nread, left);
--- a/sys/fs/nfsclient/nfs_clvnops.c
+++ b/sys/fs/nfsclient/nfs_clvnops.c
@ -2177,7 +2177,8 @@ nfs_readdir(struct vop_readdir_args *ap)
 	struct vnode *vp = ap->a_vp;
 	struct nfsnode *np = VTONFS(vp);
 	struct uio *uio = ap->a_uio;
-	int tresid, error = 0;
+	ssize_t tresid;
+	int error = 0;
 	struct vattr vattr;
 	
 	if (vp->v_type != VDIR) 
--- a/sys/fs/nfsserver/nfs_nfsdstate.c
+++ b/sys/fs/nfsserver/nfs_nfsdstate.c
@ -3962,7 +3962,7 @@ nfsrv_setupstable(NFSPROC_T *p)
 	struct nfst_rec *tsp;
 	int error, i, tryagain;
 	off_t off = 0;
-	int aresid, len;
+	ssize_t aresid, len;
 	struct timeval curtime;

 	/*
--- a/sys/fs/pseudofs/pseudofs_vnops.c
+++ b/sys/fs/pseudofs/pseudofs_vnops.c
@ -589,7 +589,8 @@ pfs_read(struct vop_read_args *va)
 	struct proc *proc;
 	struct sbuf *sb = NULL;
 	int error, locked;
-	unsigned int buflen, offset, resid;
+	off_t offset;
+	ssize_t buflen, resid;

 	PFS_TRACE(("%s", pn->pn_name));
 	pfs_assert_not_owned(pn);
--- a/sys/fs/udf/udf_vnops.c
+++ b/sys/fs/udf/udf_vnops.c
@ -439,8 +439,9 @@ udf_read(struct vop_read_args *ap)
 	uint8_t *data;
 	daddr_t lbn, rablock;
 	off_t diff, fsize;
+	ssize_t n;
 	int error = 0;
-	long size, n, on;
+	long size, on;

 	if (uio->uio_resid == 0)
 		return (0);
--- a/sys/kern/kern_ctf.c
+++ b/sys/kern/kern_ctf.c
@ -68,7 +68,7 @@ link_elf_ctf_get(linker_file_t lf, linker_ctf_t *lc)
 	int flags;
 	int i;
 	int nbytes;
-	int resid;
+	ssize_t resid;
 	int vfslocked;
 	size_t sz;
 	struct nameidata nd;
--- a/sys/kern/kern_gzio.c
+++ b/sys/kern/kern_gzio.c
@ -97,7 +97,7 @@ gzFile gz_open (path, mode, vp)
    gz_stream *s;
    char fmode[80]; /* copy of mode, without the compression level */
    char *m = fmode;
-    int resid;
+    ssize_t resid;
    int error;
    char buf[GZ_HEADER_LEN + 1];

@ -342,7 +342,7 @@ local void putU32 (s, x)
 {
    uint32_t xx;
    off_t curoff = s->outoff;
-    int resid;
+    ssize_t resid;

 #if BYTE_ORDER == BIG_ENDIAN
    xx = bswap32(x);
--- a/sys/kern/kern_ktrace.c
+++ b/sys/kern/kern_ktrace.c
@ -684,7 +684,7 @@ ktrgenio(fd, rw, uio, error)
 	}
 	uio->uio_offset = 0;
 	uio->uio_rw = UIO_WRITE;
-	datalen = imin(uio->uio_resid, ktr_geniosize);
+	datalen = MIN(uio->uio_resid, ktr_geniosize);
 	buf = malloc(datalen, M_KTRACE, M_WAITOK);
 	error = uiomove(buf, datalen, uio);
 	free(uio, M_IOV);
--- a/sys/kern/kern_linker.c
+++ b/sys/kern/kern_linker.c
@ -1748,7 +1748,8 @@ linker_hints_lookup(const char *path, int pathlen, const char *modname,
 	struct vattr vattr, mattr;
 	u_char *hints = NULL;
 	u_char *cp, *recptr, *bufend, *result, *best, *pathbuf, *sep;
-	int error, ival, bestver, *intp, reclen, found, flags, clen, blen;
+	int error, ival, bestver, *intp, found, flags, clen, blen;
+	ssize_t reclen;
 	int vfslocked = 0;

 	result = NULL;
@ -1793,7 +1794,7 @@ linker_hints_lookup(const char *path, int pathlen, const char *modname,
 	VFS_UNLOCK_GIANT(vfslocked);
 	nd.ni_vp = NULL;
 	if (reclen != 0) {
-		printf("can't read %d\n", reclen);
+		printf("can't read %zd\n", reclen);
 		goto bad;
 	}
 	intp = (int *)hints;
--- a/sys/kern/link_elf.c
+++ b/sys/kern/link_elf.c
@ -655,7 +655,8 @@ link_elf_load_file(linker_class_t cls, const char* filename,
 	Elf_Addr base_vaddr;
 	Elf_Addr base_vlimit;
 	int error = 0;
-	int resid, flags;
+	ssize_t resid;
+	int flags;
 	elf_file_t ef;
 	linker_file_t lf;
 	Elf_Shdr *shdr;
--- a/sys/kern/link_elf_obj.c
+++ b/sys/kern/link_elf_obj.c
@ -440,7 +440,8 @@ link_elf_load_file(linker_class_t cls, const char *filename,
 	vm_offset_t mapbase;
 	size_t mapsize;
 	int error = 0;
-	int resid, flags;
+	ssize_t resid;
+	int flags;
 	elf_file_t ef;
 	linker_file_t lf;
 	int symtabindex;
--- a/sys/kern/subr_uio.c
+++ b/sys/kern/subr_uio.c
@ -171,7 +171,7 @@ uiomove_faultflag(void *cp, int n, struct uio *uio, int nofault)
 {
 	struct thread *td;
 	struct iovec *iov;
-	u_int cnt;
+	size_t cnt;
 	int error, newflags, save;

 	td = curthread;
@ -245,14 +245,14 @@ uiomove_faultflag(void *cp, int n, struct uio *uio, int nofault)
 int
 uiomove_frombuf(void *buf, int buflen, struct uio *uio)
 {
-	unsigned int offset, n;
+	size_t offset, n;

 	if (uio->uio_offset < 0 || uio->uio_resid < 0 ||
 	    (offset = uio->uio_offset) != uio->uio_offset)
 		return (EINVAL);
 	if (buflen <= 0 || offset >= buflen)
 		return (0);
-	if ((n = buflen - offset) > INT_MAX)
+	if ((n = buflen - offset) > IOSIZE_MAX)
 		return (EINVAL);
 	return (uiomove((char *)buf + offset, n, uio));
 }
@ -479,7 +479,7 @@ copyinuio(const struct iovec *iovp, u_int iovcnt, struct uio **uiop)
 	uio->uio_offset = -1;
 	uio->uio_resid = 0;
 	for (i = 0; i < iovcnt; i++) {
-		if (iov->iov_len > INT_MAX - uio->uio_resid) {
+		if (iov->iov_len > IOSIZE_MAX - uio->uio_resid) {
 			free(uio, M_IOV);
 			return (EINVAL);
 		}
--- a/sys/kern/sys_generic.c
+++ b/sys/kern/sys_generic.c
@ -74,6 +74,10 @@ __FBSDID("$FreeBSD$");

 #include <security/audit/audit.h>

+int iosize_max_clamp = 1;
+SYSCTL_INT(_debug, OID_AUTO, iosize_max_clamp, CTLFLAG_RW, &iosize_max_clamp, 0,
+    "Clamp max i/o size to INT_MAX");
+
 static MALLOC_DEFINE(M_IOCTLOPS, "ioctlops", "ioctl data buffer");
 static MALLOC_DEFINE(M_SELECT, "select", "select() buffer");
 MALLOC_DEFINE(M_IOV, "iov", "large iov's");
@ -145,7 +149,7 @@ sys_read(td, uap)
 	struct iovec aiov;
 	int error;

-	if (uap->nbyte > INT_MAX)
+	if (uap->nbyte > IOSIZE_MAX)
 		return (EINVAL);
 	aiov.iov_base = uap->buf;
 	aiov.iov_len = uap->nbyte;
@ -178,7 +182,7 @@ sys_pread(td, uap)
 	struct iovec aiov;
 	int error;

-	if (uap->nbyte > INT_MAX)
+	if (uap->nbyte > IOSIZE_MAX)
 		return (EINVAL);
 	aiov.iov_base = uap->buf;
 	aiov.iov_len = uap->nbyte;
@ -334,7 +338,12 @@ dofileread(td, fd, fp, auio, offset, flags)
 		ktrgenio(fd, UIO_READ, ktruio, error);
 	}
 #endif
+#if SSIZE_MAX > LONG_MAX
+	td->td_retval[1] = cnt >> (sizeof(register_t) * CHAR_BIT);
 	td->td_retval[0] = cnt;
+#else
+	td->td_retval[0] = cnt;
+#endif
 	return (error);
 }

@ -354,7 +363,7 @@ sys_write(td, uap)
 	struct iovec aiov;
 	int error;

-	if (uap->nbyte > INT_MAX)
+	if (uap->nbyte > IOSIZE_MAX)
 		return (EINVAL);
 	aiov.iov_base = (void *)(uintptr_t)uap->buf;
 	aiov.iov_len = uap->nbyte;
@ -387,7 +396,7 @@ sys_pwrite(td, uap)
 	struct iovec aiov;
 	int error;

-	if (uap->nbyte > INT_MAX)
+	if (uap->nbyte > IOSIZE_MAX)
 		return (EINVAL);
 	aiov.iov_base = (void *)(uintptr_t)uap->buf;
 	aiov.iov_len = uap->nbyte;
@ -546,7 +555,12 @@ dofilewrite(td, fd, fp, auio, offset, flags)
 		ktrgenio(fd, UIO_WRITE, ktruio, error);
 	}
 #endif
+#if SSIZE_MAX > LONG_MAX
+	td->td_retval[1] = cnt >> (sizeof(register_t) * CHAR_BIT);
 	td->td_retval[0] = cnt;
+#else
+	td->td_retval[0] = cnt;
+#endif
 	return (error);
 }

--- a/sys/kern/sys_pipe.c
+++ b/sys/kern/sys_pipe.c
@ -617,7 +617,7 @@ pipe_read(fp, uio, active_cred, flags, td)
 			size = rpipe->pipe_buffer.size - rpipe->pipe_buffer.out;
 			if (size > rpipe->pipe_buffer.cnt)
 				size = rpipe->pipe_buffer.cnt;
-			if (size > (u_int) uio->uio_resid)
+			if (size > uio->uio_resid)
 				size = (u_int) uio->uio_resid;

 			PIPE_UNLOCK(rpipe);
@ -650,7 +650,7 @@ pipe_read(fp, uio, active_cred, flags, td)
 		 */
 		} else if ((size = rpipe->pipe_map.cnt) &&
 			   (rpipe->pipe_state & PIPE_DIRECTW)) {
-			if (size > (u_int) uio->uio_resid)
+			if (size > uio->uio_resid)
 				size = (u_int) uio->uio_resid;

 			PIPE_UNLOCK(rpipe);
@ -764,9 +764,10 @@ pipe_build_write_buffer(wpipe, uio)
 	KASSERT(wpipe->pipe_state & PIPE_DIRECTW,
 		("Clone attempt on non-direct write pipe!"));

-	size = (u_int) uio->uio_iov->iov_len;
-	if (size > wpipe->pipe_buffer.size)
-		size = wpipe->pipe_buffer.size;
+	if (uio->uio_iov->iov_len > wpipe->pipe_buffer.size)
+                size = wpipe->pipe_buffer.size;
+	else
+                size = uio->uio_iov->iov_len;

 	if ((i = vm_fault_quick_hold_pages(&curproc->p_vmspace->vm_map,
 	    (vm_offset_t)uio->uio_iov->iov_base, size, VM_PROT_READ,
@ -960,7 +961,7 @@ pipe_write(fp, uio, active_cred, flags, td)
 	int flags;
 {
 	int error = 0;
-	int desiredsize, orig_resid;
+	size_t desiredsize, orig_resid;
 	struct pipe *wpipe, *rpipe;

 	rpipe = fp->f_data;
--- a/sys/kern/tty_ttydisc.c
+++ b/sys/kern/tty_ttydisc.c
@ -180,7 +180,7 @@ static int
 ttydisc_read_raw_no_timer(struct tty *tp, struct uio *uio, int ioflag)
 {
 	size_t vmin = tp->t_termios.c_cc[VMIN];
-	int oresid = uio->uio_resid;
+	ssize_t oresid = uio->uio_resid;
 	int error;

 	MPASS(tp->t_termios.c_cc[VTIME] == 0);
@ -265,7 +265,7 @@ static int
 ttydisc_read_raw_interbyte_timer(struct tty *tp, struct uio *uio, int ioflag)
 {
 	size_t vmin = tp->t_termios.c_cc[VMIN];
-	int oresid = uio->uio_resid;
+	ssize_t oresid = uio->uio_resid;
 	int error;

 	MPASS(tp->t_termios.c_cc[VMIN] != 0);
@ -1173,7 +1173,7 @@ int
 ttydisc_getc_uio(struct tty *tp, struct uio *uio)
 {
 	int error = 0;
-	int obytes = uio->uio_resid;
+	ssize_t obytes = uio->uio_resid;
 	size_t len;
 	char buf[TTY_STACKBUF];

--- a/sys/kern/uipc_mbuf.c
+++ b/sys/kern/uipc_mbuf.c
@ -1726,7 +1726,8 @@ struct mbuf *
 m_uiotombuf(struct uio *uio, int how, int len, int align, int flags)
 {
 	struct mbuf *m, *mb;
-	int error, length, total;
+	int error, length;
+	ssize_t total;
 	int progress = 0;

 	/*
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@ -887,7 +887,8 @@ sosend_copyin(struct uio *uio, struct mbuf **retmp, int atomic, long *space,
    int flags)
 {
 	struct mbuf *m, **mp, *top;
-	long len, resid;
+	long len;
+	ssize_t resid;
 	int error;
 #ifdef ZERO_COPY_SOCKETS
 	int cow_send;
@ -987,7 +988,8 @@ int
 sosend_dgram(struct socket *so, struct sockaddr *addr, struct uio *uio,
    struct mbuf *top, struct mbuf *control, int flags, struct thread *td)
 {
-	long space, resid;
+	long space;
+	ssize_t resid;
 	int clen = 0, error, dontroute;
 #ifdef ZERO_COPY_SOCKETS
 	int atomic = sosendallatonce(so) || top;
@ -1159,7 +1161,8 @@ int
 sosend_generic(struct socket *so, struct sockaddr *addr, struct uio *uio,
    struct mbuf *top, struct mbuf *control, int flags, struct thread *td)
 {
-	long space, resid;
+	long space;
+	ssize_t resid;
 	int clen = 0, error, dontroute;
 	int atomic = sosendallatonce(so) || top;

@ -1456,11 +1459,12 @@ soreceive_generic(struct socket *so, struct sockaddr **psa, struct uio *uio,
    struct mbuf **mp0, struct mbuf **controlp, int *flagsp)
 {
 	struct mbuf *m, **mp;
-	int flags, len, error, offset;
+	int flags, error, offset;
+	ssize_t len;
 	struct protosw *pr = so->so_proto;
 	struct mbuf *nextrecord;
 	int moff, type = 0;
-	int orig_resid = uio->uio_resid;
+	ssize_t orig_resid = uio->uio_resid;

 	mp = mp0;
 	if (psa != NULL)
@ -2119,7 +2123,8 @@ soreceive_dgram(struct socket *so, struct sockaddr **psa, struct uio *uio,
    struct mbuf **mp0, struct mbuf **controlp, int *flagsp)
 {
 	struct mbuf *m, *m2;
-	int flags, len, error;
+	int flags, error;
+	ssize_t len;
 	struct protosw *pr = so->so_proto;
 	struct mbuf *nextrecord;

--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@ -756,8 +756,8 @@ kern_sendit(td, s, mp, flags, control, segflg)
 	struct uio auio;
 	struct iovec *iov;
 	struct socket *so;
-	int i;
-	int len, error;
+	int i, error;
+	ssize_t len;
 	cap_rights_t rights;
 #ifdef KTRACE
 	struct uio *ktruio = NULL;
@ -956,7 +956,7 @@ kern_recvit(td, s, mp, fromseg, controlp)
 	struct uio auio;
 	struct iovec *iov;
 	int i;
-	socklen_t len;
+	ssize_t len;
 	int error;
 	struct mbuf *m, *control = 0;
 	caddr_t ctlbuf;
@ -1007,19 +1007,19 @@ kern_recvit(td, s, mp, fromseg, controlp)
 	    (mp->msg_control || controlp) ? &control : (struct mbuf **)0,
 	    &mp->msg_flags);
 	if (error) {
-		if (auio.uio_resid != (int)len && (error == ERESTART ||
+		if (auio.uio_resid != len && (error == ERESTART ||
 		    error == EINTR || error == EWOULDBLOCK))
 			error = 0;
 	}
 #ifdef KTRACE
 	if (ktruio != NULL) {
-		ktruio->uio_resid = (int)len - auio.uio_resid;
+		ktruio->uio_resid = len - auio.uio_resid;
 		ktrgenio(s, UIO_READ, ktruio, error);
 	}
 #endif
 	if (error)
 		goto out;
-	td->td_retval[0] = (int)len - auio.uio_resid;
+	td->td_retval[0] = len - auio.uio_resid;
 	if (mp->msg_name) {
 		len = mp->msg_namelen;
 		if (len <= 0 || fromsa == 0)
@ -2086,7 +2086,8 @@ kern_sendfile(struct thread *td, struct sendfile_args *uap,
 			else if (uap->flags & SF_NODISKIO)
 				error = EBUSY;
 			else {
-				int bsize, resid;
+				int bsize;
+				ssize_t resid;

 				/*
 				 * Ensure that our page is still around
@ -2510,7 +2511,8 @@ sys_sctp_generic_sendmsg_iov(td, uap)
 	struct sctp_sndrcvinfo sinfo, *u_sinfo = NULL;
 	struct socket *so;
 	struct file *fp = NULL;
-	int error=0, len, i;
+	int error=0, i;
+	ssize_t len;
 	struct sockaddr *to = NULL;
 #ifdef KTRACE
 	struct uio *ktruio = NULL;
@ -2637,7 +2639,8 @@ sys_sctp_generic_recvmsg(td, uap)
 	struct file *fp = NULL;
 	struct sockaddr *fromsa;
 	int fromlen;
-	int len, i, msg_flags;
+	ssize_t len;
+	int i, msg_flags;
 	int error = 0;
 #ifdef KTRACE
 	struct uio *ktruio = NULL;
@ -2711,7 +2714,7 @@ sys_sctp_generic_recvmsg(td, uap)
 		    (struct sctp_sndrcvinfo *)&sinfo, 1);
 	CURVNET_RESTORE();
 	if (error) {
-		if (auio.uio_resid != (int)len && (error == ERESTART ||
+		if (auio.uio_resid != len && (error == ERESTART ||
 		    error == EINTR || error == EWOULDBLOCK))
 			error = 0;
 	} else {
@ -2720,13 +2723,13 @@ sys_sctp_generic_recvmsg(td, uap)
 	}
 #ifdef KTRACE
 	if (ktruio != NULL) {
-		ktruio->uio_resid = (int)len - auio.uio_resid;
+		ktruio->uio_resid = len - auio.uio_resid;
 		ktrgenio(uap->sd, UIO_READ, ktruio, error);
 	}
 #endif /* KTRACE */
 	if (error)
 		goto out;
-	td->td_retval[0] = (int)len - auio.uio_resid;
+	td->td_retval[0] = len - auio.uio_resid;

 	if (fromlen && uap->from) {
 		len = fromlen;
@ -2734,7 +2737,7 @@ sys_sctp_generic_recvmsg(td, uap)
 			len = 0;
 		else {
 			len = MIN(len, fromsa->sa_len);
-			error = copyout(fromsa, uap->from, (unsigned)len);
+			error = copyout(fromsa, uap->from, (size_t)len);
 			if (error)
 				goto out;
 		}
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@ -181,7 +181,7 @@ extattr_set_vp(struct vnode *vp, int attrnamespace, const char *attrname,
 	auio.uio_iov = &aiov;
 	auio.uio_iovcnt = 1;
 	auio.uio_offset = 0;
-	if (nbytes > INT_MAX) {
+	if (nbytes > IOSIZE_MAX) {
 		error = EINVAL;
 		goto done;
 	}
@ -355,7 +355,7 @@ extattr_get_vp(struct vnode *vp, int attrnamespace, const char *attrname,
 		auio.uio_iov = &aiov;
 		auio.uio_iovcnt = 1;
 		auio.uio_offset = 0;
-		if (nbytes > INT_MAX) {
+		if (nbytes > IOSIZE_MAX) {
 			error = EINVAL;
 			goto done;
 		}
@ -672,7 +672,7 @@ extattr_list_vp(struct vnode *vp, int attrnamespace, void *data,
 		auio.uio_iov = &aiov;
 		auio.uio_iovcnt = 1;
 		auio.uio_offset = 0;
-		if (nbytes > INT_MAX) {
+		if (nbytes > IOSIZE_MAX) {
 			error = EINVAL;
 			goto done;
 		}
--- a/sys/kern/vfs_mountroot.c
+++ b/sys/kern/vfs_mountroot.c
@ -871,9 +871,8 @@ vfs_mountroot_readconf(struct thread *td, struct sbuf *sb)
 	static char buf[128];
 	struct nameidata nd;
 	off_t ofs;
-	int error, flags;
-	int len, resid;
-	int vfslocked;
+	ssize_t resid;
+	int error, flags, len, vfslocked;

 	NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE, UIO_SYSSPACE,
 	    "/.mount.conf", td);
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@ -2692,7 +2692,7 @@ kern_readlinkat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
 	struct nameidata nd;
 	int vfslocked;

-	if (count > INT_MAX)
+	if (count > IOSIZE_MAX)
 		return (EINVAL);

 	NDINIT_AT(&nd, LOOKUP, NOFOLLOW | LOCKSHARED | LOCKLEAF | MPSAFE |
@ -4153,7 +4153,8 @@ kern_getdirentries(struct thread *td, int fd, char *buf, u_int count,
 	int error, eofflag;

 	AUDIT_ARG_FD(fd);
-	if (count > INT_MAX)
+	auio.uio_resid = count;
+	if (auio.uio_resid > IOSIZE_MAX)
 		return (EINVAL);
 	if ((error = getvnode(td->td_proc->p_fd, fd, CAP_READ | CAP_SEEK,
 	    &fp)) != 0)
@ -4177,7 +4178,6 @@ kern_getdirentries(struct thread *td, int fd, char *buf, u_int count,
 	auio.uio_rw = UIO_READ;
 	auio.uio_segflg = UIO_USERSPACE;
 	auio.uio_td = td;
-	auio.uio_resid = count;
 	vn_lock(vp, LK_SHARED | LK_RETRY);
 	AUDIT_ARG_VNODE1(vp);
 	loff = auio.uio_offset = fp->f_offset;
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@ -373,7 +373,7 @@ vn_rdwr(rw, vp, base, len, offset, segflg, ioflg, active_cred, file_cred,
 	int ioflg;
 	struct ucred *active_cred;
 	struct ucred *file_cred;
-	int *aresid;
+	ssize_t *aresid;
 	struct thread *td;
 {
 	struct uio auio;
@ -470,7 +470,7 @@ vn_rdwr_inchunks(rw, vp, base, len, offset, segflg, ioflg, active_cred,
 	struct thread *td;
 {
 	int error = 0;
-	int iaresid;
+	ssize_t iaresid;

 	VFS_ASSERT_GIANT(vp->v_mount);

--- a/sys/nfsclient/nfs_bio.c
+++ b/sys/nfsclient/nfs_bio.c
@ -564,7 +564,7 @@ nfs_bioread(struct vnode *vp, struct uio *uio, int ioflag, struct ucred *cred)

 		n = 0;
 		if (on < bcount)
-			n = min((unsigned)(bcount - on), uio->uio_resid);
+			n = MIN((unsigned)(bcount - on), uio->uio_resid);
 		break;
 	    case VLNK:
 		nfsstats.biocache_readlinks++;
@ -583,7 +583,7 @@ nfs_bioread(struct vnode *vp, struct uio *uio, int ioflag, struct ucred *cred)
 			return (error);
 		    }
 		}
-		n = min(uio->uio_resid, NFS_MAXPATHLEN - bp->b_resid);
+		n = MIN(uio->uio_resid, NFS_MAXPATHLEN - bp->b_resid);
 		on = 0;
 		break;
 	    case VDIR:
@ -751,8 +751,8 @@ nfs_directio_write(vp, uiop, cred, ioflag)
 		struct iovec iov;
 do_sync:
 		while (uiop->uio_resid > 0) {
-			size = min(uiop->uio_resid, wsize);
-			size = min(uiop->uio_iov->iov_len, size);
+			size = MIN(uiop->uio_resid, wsize);
+			size = MIN(uiop->uio_iov->iov_len, size);
 			iov.iov_base = uiop->uio_iov->iov_base;
 			iov.iov_len = size;
 			uio.uio_iov = &iov;
@ -800,8 +800,8 @@ nfs_directio_write(vp, uiop, cred, ioflag)
 		 * in NFS directio access.
 		 */
 		while (uiop->uio_resid > 0) {
-			size = min(uiop->uio_resid, wsize);
-			size = min(uiop->uio_iov->iov_len, size);
+			size = MIN(uiop->uio_resid, wsize);
+			size = MIN(uiop->uio_iov->iov_len, size);
 			bp = getpbuf(&nfs_pbuf_freecnt);
 			t_uio = malloc(sizeof(struct uio), M_NFSDIRECTIO, M_WAITOK);
 			t_iov = malloc(sizeof(struct iovec), M_NFSDIRECTIO, M_WAITOK);
@ -1014,7 +1014,7 @@ nfs_write(struct vop_write_args *ap)
 		nfsstats.biocache_writes++;
 		lbn = uio->uio_offset / biosize;
 		on = uio->uio_offset & (biosize-1);
-		n = min((unsigned)(biosize - on), uio->uio_resid);
+		n = MIN((unsigned)(biosize - on), uio->uio_resid);
 again:
 		/*
 		 * Handle direct append and file extension cases, calculate
--- a/sys/sys/systm.h
+++ b/sys/sys/systm.h
@ -133,6 +133,9 @@ extern char **kenvp;

 extern const void *zero_region;	/* address space maps to a zeroed page	*/

+extern int iosize_max_clamp;
+#define	IOSIZE_MAX	(iosize_max_clamp ? INT_MAX : SSIZE_MAX)
+
 /*
 * General function declarations.
 */
--- a/sys/sys/vnode.h
+++ b/sys/sys/vnode.h
@ -653,7 +653,7 @@ void	vn_pages_remove(struct vnode *vp, vm_pindex_t start, vm_pindex_t end);
 int	vn_pollrecord(struct vnode *vp, struct thread *p, int events);
 int	vn_rdwr(enum uio_rw rw, struct vnode *vp, void *base,
 	    int len, off_t offset, enum uio_seg segflg, int ioflg,
-	    struct ucred *active_cred, struct ucred *file_cred, int *aresid,
+	    struct ucred *active_cred, struct ucred *file_cred, ssize_t *aresid,
 	    struct thread *td);
 int	vn_rdwr_inchunks(enum uio_rw rw, struct vnode *vp, void *base,
 	    size_t len, off_t offset, enum uio_seg segflg, int ioflg,
--- a/sys/ufs/ffs/ffs_vnops.c
+++ b/sys/ufs/ffs/ffs_vnops.c
@ -420,7 +420,8 @@ ffs_read(ap)
 	ufs_lbn_t lbn, nextlbn;
 	off_t bytesinfile;
 	long size, xfersize, blkoffset;
-	int error, orig_resid;
+	ssize_t orig_resid;
+	int error;
 	int seqcount;
 	int ioflag;

@ -633,8 +634,9 @@ ffs_write(ap)
 	struct buf *bp;
 	ufs_lbn_t lbn;
 	off_t osize;
+	ssize_t resid;
 	int seqcount;
-	int blkoffset, error, flags, ioflag, resid, size, xfersize;
+	int blkoffset, error, flags, ioflag, size, xfersize;

 	vp = ap->a_vp;
 	uio = ap->a_uio;
@ -871,7 +873,8 @@ ffs_extread(struct vnode *vp, struct uio *uio, int ioflag)
 	ufs_lbn_t lbn, nextlbn;
 	off_t bytesinfile;
 	long size, xfersize, blkoffset;
-	int error, orig_resid;
+	ssize_t orig_resid;
+	int error;

 	ip = VTOI(vp);
 	fs = ip->i_fs;
@ -1024,7 +1027,8 @@ ffs_extwrite(struct vnode *vp, struct uio *uio, int ioflag, struct ucred *ucred)
 	struct buf *bp;
 	ufs_lbn_t lbn;
 	off_t osize;
-	int blkoffset, error, flags, resid, size, xfersize;
+	ssize_t resid;
+	int blkoffset, error, flags, size, xfersize;

 	ip = VTOI(vp);
 	fs = ip->i_fs;
--- a/sys/ufs/ufs/ufs_lookup.c
+++ b/sys/ufs/ufs/ufs_lookup.c
@ -1337,7 +1337,8 @@ ufs_dirempty(ip, parentino, cred)
 	doff_t off;
 	struct dirtemplate dbuf;
 	struct direct *dp = (struct direct *)&dbuf;
-	int error, count, namlen;
+	int error, namlen;
+	ssize_t count;
 #define	MINDIRSIZ (sizeof (struct dirtemplate) / 2)

 	for (off = 0; off < ip->i_size; off += dp->d_reclen) {