CVS commit: [netbsd-8] src/sys/fs/tmpfs

Tue, 01 Aug 2023 08:32:29 -0700 

Module Name:    src
Committed By:   martin
Date:           Tue Aug  1 15:32:23 UTC 2023

Modified Files:
        src/sys/fs/tmpfs [netbsd-8]: tmpfs_subr.c

Log Message:
Pull up following revision(s) (requested by riastradh in ticket #1872):

        sys/fs/tmpfs/tmpfs_subr.c: revision 1.116
        sys/fs/tmpfs/tmpfs_subr.c: revision 1.117

tmpfs: Refuse sizes that overflow round_page.

tmpfs: Assert no arithmetic overflow in directory node tn_size.
Need >2^57 directory entries before this is a problem.  If we created
a million per second, this would take over 4000 years.


To generate a diff of this commit:
cvs rdiff -u -r1.102 -r1.102.8.1 src/sys/fs/tmpfs/tmpfs_subr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/fs/tmpfs/tmpfs_subr.c
diff -u src/sys/fs/tmpfs/tmpfs_subr.c:1.102 src/sys/fs/tmpfs/tmpfs_subr.c:1.102.8.1
--- src/sys/fs/tmpfs/tmpfs_subr.c:1.102	Wed Jan  4 10:06:43 2017
+++ src/sys/fs/tmpfs/tmpfs_subr.c	Tue Aug  1 15:32:23 2023
@@ -1,4 +1,4 @@
-/*	$NetBSD: tmpfs_subr.c,v 1.102 2017/01/04 10:06:43 hannken Exp $	*/
+/*	$NetBSD: tmpfs_subr.c,v 1.102.8.1 2023/08/01 15:32:23 martin Exp $	*/
 
 /*
  * Copyright (c) 2005-2013 The NetBSD Foundation, Inc.
@@ -73,7 +73,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.102 2017/01/04 10:06:43 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.102.8.1 2023/08/01 15:32:23 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/cprng.h>
@@ -514,6 +514,7 @@ tmpfs_dir_attach(tmpfs_node_t *dnode, tm
 
 	/* Insert the entry to the directory (parent of inode). */
 	TAILQ_INSERT_TAIL(&dnode->tn_spec.tn_dir.tn_dir, de, td_entries);
+	KASSERT(dnode->tn_size <= __type_max(off_t) - sizeof(tmpfs_dirent_t));
 	dnode->tn_size += sizeof(tmpfs_dirent_t);
 	uvm_vnp_setsize(dvp, dnode->tn_size);
 
@@ -580,6 +581,7 @@ tmpfs_dir_detach(tmpfs_node_t *dnode, tm
 		dnode->tn_spec.tn_dir.tn_readdir_lastp = NULL;
 	}
 	TAILQ_REMOVE(&dnode->tn_spec.tn_dir.tn_dir, de, td_entries);
+	KASSERT(dnode->tn_size >= sizeof(tmpfs_dirent_t));
 	dnode->tn_size -= sizeof(tmpfs_dirent_t);
 	tmpfs_dir_putseq(dnode, de);
 
@@ -908,6 +910,9 @@ tmpfs_reg_resize(struct vnode *vp, off_t
 	KASSERT(vp->v_type == VREG);
 	KASSERT(newsize >= 0);
 
+	if (newsize > __type_max(off_t) - PAGE_SIZE + 1)
+		return EFBIG;
+
 	oldsize = node->tn_size;
 	oldpages = round_page(oldsize) >> PAGE_SHIFT;
 	newpages = round_page(newsize) >> PAGE_SHIFT;

Reply via email to