diff options
author | dillon <dillon@FreeBSD.org> | 2003-01-20 17:46:48 +0000 |
---|---|---|
committer | dillon <dillon@FreeBSD.org> | 2003-01-20 17:46:48 +0000 |
commit | e7be7a0432de3e374a6d4cfedc0ef5c8b264a021 (patch) | |
tree | 9f8f2a306dcef88eb5da009ebff53701aaaeee2b /sys/kern/kern_physio.c | |
parent | a752ec7b60312f295643dc7eb37ec1318d8c7412 (diff) | |
download | FreeBSD-src-e7be7a0432de3e374a6d4cfedc0ef5c8b264a021.zip FreeBSD-src-e7be7a0432de3e374a6d4cfedc0ef5c8b264a021.tar.gz |
Close the remaining user address mapping races for physical
I/O, CAM, and AIO. Still TODO: streamline useracc() checks.
Reviewed by: alc, tegge
MFC after: 7 days
Diffstat (limited to 'sys/kern/kern_physio.c')
-rw-r--r-- | sys/kern/kern_physio.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/sys/kern/kern_physio.c b/sys/kern/kern_physio.c index f61b55c..01e3750 100644 --- a/sys/kern/kern_physio.c +++ b/sys/kern/kern_physio.c @@ -95,13 +95,23 @@ physio(dev_t dev, struct uio *uio, int ioflag) bp->b_blkno = btodb(bp->b_offset); if (uio->uio_segflg == UIO_USERSPACE) { + /* + * Note that useracc() alone is not a + * sufficient test. vmapbuf() can still fail + * due to a smaller file mapped into a larger + * area of VM, or if userland races against + * vmapbuf() after the useracc() check. + */ if (!useracc(bp->b_data, bp->b_bufsize, bp->b_iocmd == BIO_READ ? VM_PROT_WRITE : VM_PROT_READ)) { error = EFAULT; goto doerror; } - vmapbuf(bp); + if (vmapbuf(bp) < 0) { + error = EFAULT; + goto doerror; + } } DEV_STRATEGY(bp); |