r222004 changed sbuf_finish() to not clear the buffer error status. As a

consequence sbuf_len() will return -1 for buffers which had the error status set prior to sbuf_finish() call. This causes a problem in pfs_read() which purposely uses a fixed size sbuf to discard bytes which are not needed to fulfill the read request. Work around the problem by using the full buffer length when sbuf_finish() indicates an overflow. An overflowed sbuf with fixed size is always full. PR: kern/163076 Approved by: des MFC after: 2 weeks
svn path=/head/; revision=229694
2024-12-18 22:15:46 +01:00 · 2012-01-06 10:12:59 +00:00 · 2012-01-06 10:12:59 +00:00 · d467c9472a · 2020-12-20 02:59:44 +00:00
commit d467c9472a
parent b286f80c2d
1 changed files with 12 additions and 6 deletions
--- a/sys/fs/pseudofs/pseudofs_vnops.c
+++ b/sys/fs/pseudofs/pseudofs_vnops.c
@ -630,14 +630,14 @@ pfs_read(struct vop_read_args *va)
 	if (uio->uio_offset < 0 || uio->uio_resid < 0 ||
 	    (offset = uio->uio_offset) != uio->uio_offset ||
 	    (resid = uio->uio_resid) != uio->uio_resid ||
-	    (buflen = offset + resid + 1) < offset || buflen > INT_MAX) {
+	    (buflen = offset + resid) < offset || buflen >= INT_MAX) {
 		error = EINVAL;
 		goto ret;
 	}
-	if (buflen > MAXPHYS + 1)
-		buflen = MAXPHYS + 1;
+	if (buflen > MAXPHYS)
+		buflen = MAXPHYS;

-	sb = sbuf_new(sb, NULL, buflen, 0);
+	sb = sbuf_new(sb, NULL, buflen + 1, 0);
 	if (sb == NULL) {
 		error = EIO;
 		goto ret;
@ -650,8 +650,14 @@ pfs_read(struct vop_read_args *va)
 		goto ret;
 	}

-	sbuf_finish(sb);
-	error = uiomove_frombuf(sbuf_data(sb), sbuf_len(sb), uio);
+	/*
+	 * XXX: If the buffer overflowed, sbuf_len() will not return
+	 * the data length. Then just use the full length because an
+	 * overflowed sbuf must be full.
+	 */
+	if (sbuf_finish(sb) == 0)
+		buflen = sbuf_len(sb);
+	error = uiomove_frombuf(sbuf_data(sb), buflen, uio);
 	sbuf_delete(sb);
 ret:
 	vn_lock(vn, locked | LK_RETRY);