diff options
author | Matthew Dillon <dillon@FreeBSD.org> | 2003-01-20 17:46:48 +0000 |
---|---|---|
committer | Matthew Dillon <dillon@FreeBSD.org> | 2003-01-20 17:46:48 +0000 |
commit | 2d5c7e4506e4fb6729fc22ebf44fc674d60eab79 (patch) | |
tree | 9f8f2a306dcef88eb5da009ebff53701aaaeee2b /sys/kern/kern_physio.c | |
parent | 866723162a1fd3690c0d2711b94b758a80937b23 (diff) | |
download | src-2d5c7e4506e4fb6729fc22ebf44fc674d60eab79.tar.gz src-2d5c7e4506e4fb6729fc22ebf44fc674d60eab79.zip |
Close the remaining user address mapping races for physical
I/O, CAM, and AIO. Still TODO: streamline useracc() checks.
Reviewed by: alc, tegge
MFC after: 7 days
Notes
Notes:
svn path=/head/; revision=109572
Diffstat (limited to 'sys/kern/kern_physio.c')
-rw-r--r-- | sys/kern/kern_physio.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/sys/kern/kern_physio.c b/sys/kern/kern_physio.c index f61b55ce8856..01e37506c566 100644 --- a/sys/kern/kern_physio.c +++ b/sys/kern/kern_physio.c @@ -95,13 +95,23 @@ physio(dev_t dev, struct uio *uio, int ioflag) bp->b_blkno = btodb(bp->b_offset); if (uio->uio_segflg == UIO_USERSPACE) { + /* + * Note that useracc() alone is not a + * sufficient test. vmapbuf() can still fail + * due to a smaller file mapped into a larger + * area of VM, or if userland races against + * vmapbuf() after the useracc() check. + */ if (!useracc(bp->b_data, bp->b_bufsize, bp->b_iocmd == BIO_READ ? VM_PROT_WRITE : VM_PROT_READ)) { error = EFAULT; goto doerror; } - vmapbuf(bp); + if (vmapbuf(bp) < 0) { + error = EFAULT; + goto doerror; + } } DEV_STRATEGY(bp); |