Disallow fcntl(F_READAHEAD) when the vnode is not a regular file.
The mountpoint may not have defined an iosize parameter, so an attempt to configure readahead on a device file can lead to a divide-by-zero crash. The sequential heuristic is not applied to I/O to or from device files, and posix_fadvise(2) returns an error when v_type != VREG, so perform the same check here. Reported by: syzbot+e4b682208761aa5bc53a@syzkaller.appspotmail.com Reviewed by: kib MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D21864
This commit is contained in:
parent
8495fa081b
commit
4a7b33ecf4
@ -788,6 +788,12 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_t arg)
|
||||
break;
|
||||
}
|
||||
vp = fp->f_vnode;
|
||||
if (vp->v_type != VREG) {
|
||||
fdrop(fp, td);
|
||||
error = ENOTTY;
|
||||
break;
|
||||
}
|
||||
|
||||
/*
|
||||
* Exclusive lock synchronizes against f_seqcount reads and
|
||||
* writes in sequential_heuristic().
|
||||
|
Loading…
Reference in New Issue
Block a user