summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>2018-01-13 15:56:03 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2018-01-13 15:56:03 +0000
commit7f604ad451a6d6a86179f96d14e8a253419f0924 (patch)
tree3481354ad98cc5a273c591ee4b7308450a9ea8d3 /sys
parentc3ac508415eb1921040dacc5f756f4a48e304f61 (diff)
Add comment describing why we need to clear the buffer if uiomove()
fails, adapted from FreeBSD. Also avoid clearing the buffer if it was cleared when allocated. OK deraadt@ otto@
Diffstat (limited to 'sys')
-rw-r--r--sys/ufs/ffs/ffs_vnops.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/sys/ufs/ffs/ffs_vnops.c b/sys/ufs/ffs/ffs_vnops.c
index 87cd37de921..0d14649adf0 100644
--- a/sys/ufs/ffs/ffs_vnops.c
+++ b/sys/ufs/ffs/ffs_vnops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ffs_vnops.c,v 1.89 2017/12/30 20:47:00 guenther Exp $ */
+/* $OpenBSD: ffs_vnops.c,v 1.90 2018/01/13 15:56:02 millert Exp $ */
/* $NetBSD: ffs_vnops.c,v 1.7 1996/05/11 18:27:24 mycroft Exp $ */
/*
@@ -357,8 +357,17 @@ ffs_write(void *v)
xfersize = size;
error = uiomove(bp->b_data + blkoffset, xfersize, uio);
-
- if (error != 0)
+ /*
+ * If the buffer is not already filled and we encounter an
+ * error while trying to fill it, we have to clear out any
+ * garbage data from the pages instantiated for the buffer.
+ * If we do not, a failed uiomove() during a write can leave
+ * the prior contents of the pages exposed to a userland mmap.
+ *
+ * Note that we don't need to clear buffers that were
+ * allocated with the B_CLRBUF flag set.
+ */
+ if (error != 0 && !(flags & B_CLRBUF))
memset(bp->b_data + blkoffset, 0, xfersize);
#if 0