Module Name: src Committed By: riastradh Date: Sat Apr 29 08:15:13 UTC 2023
Modified Files: src/sys/fs/tmpfs: tmpfs_subr.c Log Message: tmpfs: Assert no arithmetic overflow in directory node tn_size. Need >2^57 directory entries before this is a problem. If we created a million per second, this would take over 4000 years. To generate a diff of this commit: cvs rdiff -u -r1.116 -r1.117 src/sys/fs/tmpfs/tmpfs_subr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/fs/tmpfs/tmpfs_subr.c diff -u src/sys/fs/tmpfs/tmpfs_subr.c:1.116 src/sys/fs/tmpfs/tmpfs_subr.c:1.117 --- src/sys/fs/tmpfs/tmpfs_subr.c:1.116 Sat Apr 29 08:13:27 2023 +++ src/sys/fs/tmpfs/tmpfs_subr.c Sat Apr 29 08:15:13 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: tmpfs_subr.c,v 1.116 2023/04/29 08:13:27 riastradh Exp $ */ +/* $NetBSD: tmpfs_subr.c,v 1.117 2023/04/29 08:15:13 riastradh Exp $ */ /* * Copyright (c) 2005-2020 The NetBSD Foundation, Inc. @@ -73,7 +73,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.116 2023/04/29 08:13:27 riastradh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tmpfs_subr.c,v 1.117 2023/04/29 08:15:13 riastradh Exp $"); #include <sys/param.h> #include <sys/cprng.h> @@ -522,6 +522,7 @@ tmpfs_dir_attach(tmpfs_node_t *dnode, tm /* Insert the entry to the directory (parent of inode). */ TAILQ_INSERT_TAIL(&dnode->tn_spec.tn_dir.tn_dir, de, td_entries); + KASSERT(dnode->tn_size <= __type_max(off_t) - sizeof(tmpfs_dirent_t)); dnode->tn_size += sizeof(tmpfs_dirent_t); uvm_vnp_setsize(dvp, dnode->tn_size); @@ -580,6 +581,7 @@ tmpfs_dir_detach(tmpfs_node_t *dnode, tm dnode->tn_spec.tn_dir.tn_readdir_lastp = NULL; } TAILQ_REMOVE(&dnode->tn_spec.tn_dir.tn_dir, de, td_entries); + KASSERT(dnode->tn_size >= sizeof(tmpfs_dirent_t)); dnode->tn_size -= sizeof(tmpfs_dirent_t); tmpfs_dir_putseq(dnode, de);