ffs: Clamp BIO_SPEEDUP length
On 32-bit platforms, the computed size of the BIO_SPEEDUP requested by softdep_request_cleanup() may be negative when assigned to bp->b_bcount, which has type "long". Clamp the size to LONG_MAX. Also convert the unused g_io_speedup() to use an off_t for the magnitude of the shortage for consistency with softdep_send_speedup(). Reviewed by: chs, kib Reported by: pho Tested by: pho Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D27081
This commit is contained in:
Mark Johnston
parent
f52979098d
commit
f44994874b
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=367589
@ -334,7 +334,8 @@ void g_io_deliver(struct bio *bp, int error);
|
||||
int g_io_getattr(const char *attr, struct g_consumer *cp, int *len, void *ptr);
|
||||
int g_io_zonecmd(struct disk_zone_args *zone_args, struct g_consumer *cp);
|
||||
int g_io_flush(struct g_consumer *cp);
|
||||
int g_io_speedup(size_t shortage, u_int flags, size_t *resid, struct g_consumer *cp);
|
||||
int g_io_speedup(off_t shortage, u_int flags, size_t *resid,
|
||||
struct g_consumer *cp);
|
||||
void g_io_request(struct bio *bp, struct g_consumer *cp);
|
||||
struct bio *g_new_bio(void);
|
||||
struct bio *g_alloc_bio(void);
|
||||
|
||||
@ -341,15 +341,15 @@ g_io_zonecmd(struct disk_zone_args *zone_args, struct g_consumer *cp)
|
||||
* operation should be done.
|
||||
*/
|
||||
int
|
||||
g_io_speedup(size_t shortage, u_int flags, size_t *resid, struct g_consumer *cp)
|
||||
g_io_speedup(off_t shortage, u_int flags, size_t *resid, struct g_consumer *cp)
|
||||
{
|
||||
struct bio *bp;
|
||||
int error;
|
||||
|
||||
KASSERT((flags & (BIO_SPEEDUP_TRIM | BIO_SPEEDUP_WRITE)) != 0,
|
||||
("Invalid flags passed to g_io_speedup: %#x", flags));
|
||||
g_trace(G_T_BIO, "bio_speedup(%s, %zu, %#x)", cp->provider->name,
|
||||
shortage, flags);
|
||||
g_trace(G_T_BIO, "bio_speedup(%s, %jd, %#x)", cp->provider->name,
|
||||
(intmax_t)shortage, flags);
|
||||
bp = g_new_bio();
|
||||
if (bp == NULL)
|
||||
return (ENOMEM);
|
||||
|
||||
@ -1464,7 +1464,7 @@ worklist_speedup(mp)
|
||||
}
|
||||
|
||||
static void
|
||||
softdep_send_speedup(struct ufsmount *ump, size_t shortage, u_int flags)
|
||||
softdep_send_speedup(struct ufsmount *ump, off_t shortage, u_int flags)
|
||||
{
|
||||
struct buf *bp;
|
||||
|
||||
@ -1474,7 +1474,7 @@ softdep_send_speedup(struct ufsmount *ump, size_t shortage, u_int flags)
|
||||
bp = malloc(sizeof(*bp), M_TRIM, M_WAITOK | M_ZERO);
|
||||
bp->b_iocmd = BIO_SPEEDUP;
|
||||
bp->b_ioflags = flags;
|
||||
bp->b_bcount = shortage;
|
||||
bp->b_bcount = omin(shortage, LONG_MAX);
|
||||
g_vfs_strategy(ump->um_bo, bp);
|
||||
bufwait(bp);
|
||||
free(bp, M_TRIM);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user