From a5f9fe2bab789f49e8b53da3a62dbd34725e23ea Mon Sep 17 00:00:00 2001 From: Rick Macklem Date: Mon, 1 Mar 2021 06:28:30 -0800 Subject: [PATCH] copy_file_range(2): Fix for small values of input file offset and len r366302 broke copy_file_range(2) for small values of input file offset and len. It was possible for rem to be greater than len and then "len - rem" was a large value, since both variables are unsigned. Reported by: koobs, Pablo (Python) Reviewed by: asomers, koobs MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D28981 --- sys/kern/vfs_vnops.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c index 781968f2db53..7a0951fb07ca 100644 --- a/sys/kern/vfs_vnops.c +++ b/sys/kern/vfs_vnops.c @@ -3143,7 +3143,7 @@ vn_generic_copy_file_range(struct vnode *invp, off_t *inoffp, rem = *inoffp % blksize; if (rem > 0) rem = blksize - rem; - if (len - rem > blksize) + if (len > rem && len - rem > blksize) len = savlen = rounddown(len - rem, blksize) + rem; }
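Review bot: The new `len > rem` guard in `if (len > rem && len - rem > blksize)` carries no comment explaining why it is needed, so a later cleanup could drop it as redundant. Per the commit message both `len` and `rem` are unsigned, so `len - rem` wraps to a large value whenever `rem > len`; a one-line comment above the condition saying so would protect the check. The diffstat shows only sys/kern/vfs_vnops.c changing, so consider adding a regression test that calls copy_file_range(2) with a small input file offset and len, the case the message says r366302 broke.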