From 83981e319dfc0508987a7f6baaad5cd78b18ac59 Mon Sep 17 00:00:00 2001 From: Alexander Motin Date: Wed, 16 Sep 2015 21:43:51 +0000 Subject: [PATCH] Fix reading after end of file for file-backed LUNs. If backing file is smaller then the LUN size, we have to explicitly clear the rest of the buffer to not leak some random data from previous I/Os. --- sys/cam/ctl/ctl_backend_block.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/sys/cam/ctl/ctl_backend_block.c b/sys/cam/ctl/ctl_backend_block.c index 753501530366..975de2c9b5ae 100644 --- a/sys/cam/ctl/ctl_backend_block.c +++ b/sys/cam/ctl/ctl_backend_block.c @@ -632,8 +632,8 @@ ctl_be_block_dispatch_file(struct ctl_be_block_lun *be_lun, union ctl_io *io; struct uio xuio; struct iovec *xiovec; - int flags; - int error, i; + size_t s; + int error, flags, i; DPRINTF("entered\n"); @@ -694,6 +694,22 @@ ctl_be_block_dispatch_file(struct ctl_be_block_lun *be_lun, VOP_UNLOCK(be_lun->vn, 0); SDT_PROBE(cbb, kernel, read, file_done, 0, 0, 0, 0, 0); + if (error == 0 && xuio.uio_resid > 0) { + /* + * If we red less then requested (EOF), then + * we should clean the rest of the buffer. + */ + s = beio->io_len - xuio.uio_resid; + for (i = 0; i < beio->num_segs; i++) { + if (s >= beio->sg_segs[i].len) { + s -= beio->sg_segs[i].len; + continue; + } + bzero((uint8_t *)beio->sg_segs[i].addr + s, + beio->sg_segs[i].len - s); + s = 0; + } + } } else { struct mount *mountpoint; int lock_flags;