ffs: Clamp BIO_SPEEDUP length

On 32-bit platforms, the computed size of the BIO_SPEEDUP requested by softdep_request_cleanup() may be negative when assigned to bp->b_bcount, which has type "long". Clamp the size to LONG_MAX. Also convert the unused g_io_speedup() to use an off_t for the magnitude of the shortage for consistency with softdep_send_speedup(). Reviewed by: chs, kib Reported by: pho Tested by: pho Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D27081
2020-11-11 13:48:07 +00:00 · 2020-11-11 13:48:07 +00:00 · cfac0db496
commit cfac0db496
parent 952f6a2592
3 changed files with 7 additions and 6 deletions
--- a/sys/geom/geom.h
+++ b/sys/geom/geom.h
@ -334,7 +334,8 @@ void g_io_deliver(struct bio *bp, int error);
 int g_io_getattr(const char *attr, struct g_consumer *cp, int *len, void *ptr);
 int g_io_zonecmd(struct disk_zone_args *zone_args, struct g_consumer *cp);
 int g_io_flush(struct g_consumer *cp);
-int g_io_speedup(size_t shortage, u_int flags, size_t *resid, struct g_consumer *cp);
+int g_io_speedup(off_t shortage, u_int flags, size_t *resid,
    struct g_consumer *cp);
 void g_io_request(struct bio *bp, struct g_consumer *cp);
 struct bio *g_new_bio(void);
 struct bio *g_alloc_bio(void);
--- a/sys/geom/geom_io.c
+++ b/sys/geom/geom_io.c
@ -341,15 +341,15 @@ g_io_zonecmd(struct disk_zone_args *zone_args, struct g_consumer *cp)
 * operation should be done.
 */
 int
-g_io_speedup(size_t shortage, u_int flags, size_t *resid, struct g_consumer *cp)
+g_io_speedup(off_t shortage, u_int flags, size_t *resid, struct g_consumer *cp)
 {
 	struct bio *bp;
 	int error;
 	KASSERT((flags & (BIO_SPEEDUP_TRIM | BIO_SPEEDUP_WRITE)) != 0,
 	    ("Invalid flags passed to g_io_speedup: %#x", flags));
-	g_trace(G_T_BIO, "bio_speedup(%s, %zu, %#x)", cp->provider->name,
+	g_trace(G_T_BIO, "bio_speedup(%s, %jd, %#x)", cp->provider->name,
-	    shortage, flags);
+	    (intmax_t)shortage, flags);
 	bp = g_new_bio();
 	if (bp == NULL)
 		return (ENOMEM);
--- a/sys/ufs/ffs/ffs_softdep.c
+++ b/sys/ufs/ffs/ffs_softdep.c
@ -1464,7 +1464,7 @@ worklist_speedup(mp)
 }
 static void
-softdep_send_speedup(struct ufsmount *ump, size_t shortage, u_int flags)
+softdep_send_speedup(struct ufsmount *ump, off_t shortage, u_int flags)
 {
 	struct buf *bp;
@ -1474,7 +1474,7 @@ softdep_send_speedup(struct ufsmount *ump, size_t shortage, u_int flags)
 	bp = malloc(sizeof(*bp), M_TRIM, M_WAITOK | M_ZERO);
 	bp->b_iocmd = BIO_SPEEDUP;
 	bp->b_ioflags = flags;
-	bp->b_bcount = shortage;
+	bp->b_bcount = omin(shortage, LONG_MAX);
 	g_vfs_strategy(ump->um_bo, bp);
 	bufwait(bp);
 	free(bp, M_TRIM);