Disallow fcntl(F_READAHEAD) when the vnode is not a regular file.

The mountpoint may not have defined an iosize parameter, so an attempt
to configure readahead on a device file can lead to a divide-by-zero
crash.

The sequential heuristic is not applied to I/O to or from device files,
and posix_fadvise(2) returns an error when v_type != VREG, so perform
the same check here.

Reported by:	syzbot+e4b682208761aa5bc53a@syzkaller.appspotmail.com
Reviewed by:	kib
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21864
Mark Johnston 2019-10-02 15:45:49 +00:00
parent 8495fa081b
commit 4a7b33ecf4

@ -788,6 +788,12 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_t arg)
break;
}
vp = fp->f_vnode;
if (vp->v_type != VREG) {
fdrop(fp, td);
error = ENOTTY;
break;
}
/*
* Exclusive lock synchronizes against f_seqcount reads and
* writes in sequential_heuristic().
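
Review bot: the new `vp->v_type != VREG` check right after `vp = fp->f_vnode;` returns ENOTTY with no comment saying why, and the reason (a mount without an iosize makes readahead setup divide by zero) lives only in the commit message. Add a short comment above the check, and make sure fcntl(2) lists ENOTTY for F_READAHEAD on a non-regular file, since the commit message compares this path to posix_fadvise(2) and callers will want to know which errno to expect here. The check closes the crash by file type only; a zero test on the iosize value at the point where the commit message says it is used as a divisor would also cover any regular-file mount that leaves it unset.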