K 10
svn:author
V 7
asomers
K 8
svn:date
V 27
2019-08-12T20:31:12.791672Z
K 7
svn:log
V 1207
MFC r349248, r349391, r350088

r349248:
fcntl: fix overflow when setting F_READAHEAD

VOP_READ and VOP_WRITE take the seqcount in blocks in a 16-bit field.
However, fcntl allows you to set the seqcount in bytes to any nonnegative
31-bit value. The result can be a 16-bit overflow, which will be
sign-extended in functions like ffs_read. Fix this by sanitizing the
argument in kern_fcntl. As a matter of policy, limit to IO_SEQMAX rather
than INT16_MAX.

Also, fifos have overloaded the f_seqcount field for a completely different
purpose ever since r238936.  Formalize that by using a union type.

Reviewed by:	cem
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D20710

r349391:
fcntl: style changes to r349248

Reported by:	bde
MFC-With:	349248
Sponsored by:	The FreeBSD Foundation

r350088:
F_READAHEAD: Fix r349248's overflow protection, broken by r349391

I accidentally broke the main point of r349248 when making stylistic changes
in r349391.  Restore the original behavior, and also fix an additional
overflow that was possible when uio->uio_resid was nearly SSIZE_MAX.

Reported by:	cem
Reviewed by:	bde
MFC-With:	349248
Sponsored by:	The FreeBSD Foundation

END