d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Disallow fcntl(F_READAHEAD) when the vnode is not a regular file.

Browse Source 
The mountpoint may not have defined an iosize parameter, so an attempt
to configure readahead on a device file can lead to a divide-by-zero
crash.

The sequential heuristic is not applied to I/O to or from device files,
and posix_fadvise(2) returns an error when v_type != VREG, so perform
the same check here.

Reported by:	syzbot+e4b682208761aa5bc53a@syzkaller.appspotmail.com
Reviewed by:	kib
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D21864
This commit is contained in:
markj 2019-10-02 15:45:49 +00:00
parent 623ef093b2
commit 20c5c1bf19
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/kern/kern_descrip.c
View File

@ -788,6 +788,12 @@ kern_fcntl(struct thread *td, int fd, int cmd, intptr_t arg)
break;
}
vp = fp->f_vnode;
if (vp->v_type != VREG) {
fdrop(fp, td);
error = ENOTTY;
break;
}
/*
* Exclusive lock synchronizes against f_seqcount reads and
* writes in sequential_heuristic().