aboutsummaryrefslogtreecommitdiff
path: root/sys/kern/kern_physio.c
diff options
context:
space:
mode:
authorMatthew Dillon <dillon@FreeBSD.org>2003-01-20 17:46:48 +0000
committerMatthew Dillon <dillon@FreeBSD.org>2003-01-20 17:46:48 +0000
commit2d5c7e4506e4fb6729fc22ebf44fc674d60eab79 (patch)
tree9f8f2a306dcef88eb5da009ebff53701aaaeee2b /sys/kern/kern_physio.c
parent866723162a1fd3690c0d2711b94b758a80937b23 (diff)
downloadsrc-2d5c7e4506e4fb6729fc22ebf44fc674d60eab79.tar.gz
src-2d5c7e4506e4fb6729fc22ebf44fc674d60eab79.zip
Close the remaining user address mapping races for physical
I/O, CAM, and AIO. Still TODO: streamline useracc() checks. Reviewed by: alc, tegge MFC after: 7 days
Notes
Notes: svn path=/head/; revision=109572
Diffstat (limited to 'sys/kern/kern_physio.c')
-rw-r--r--sys/kern/kern_physio.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/sys/kern/kern_physio.c b/sys/kern/kern_physio.c
index f61b55ce8856..01e37506c566 100644
--- a/sys/kern/kern_physio.c
+++ b/sys/kern/kern_physio.c
@@ -95,13 +95,23 @@ physio(dev_t dev, struct uio *uio, int ioflag)
bp->b_blkno = btodb(bp->b_offset);
if (uio->uio_segflg == UIO_USERSPACE) {
+ /*
+ * Note that useracc() alone is not a
+ * sufficient test. vmapbuf() can still fail
+ * due to a smaller file mapped into a larger
+ * area of VM, or if userland races against
+ * vmapbuf() after the useracc() check.
+ */
if (!useracc(bp->b_data, bp->b_bufsize,
bp->b_iocmd == BIO_READ ?
VM_PROT_WRITE : VM_PROT_READ)) {
error = EFAULT;
goto doerror;
}
- vmapbuf(bp);
+ if (vmapbuf(bp) < 0) {
+ error = EFAULT;
+ goto doerror;
+ }
}
DEV_STRATEGY(bp);
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-13 02:29:28 +0000