nfscl: Fix handling of a copyout() error reply

If vfs.nfs.nfs_directio_enable is set non-zero (the default is zero) and a file on an NFS mount is read after being opened with O_DIRECT | O_ RDONLY, a call to nfsm_mbufuio() calls copyout() without checking for an error return. If copyout() returns EFAULT, this would not work correctly. Only the call path VOP_READ()->ncl_readrpc()->nfsrpc_read()->nfsrpc_readrpc() will do this and the error return for EFAULT will be returned back to VOP_READ(). This patch adds the error check to nfsm_mbufuio(). Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D43160
2024-10-04 15:40:44 +00:00 · 2023-12-22 12:11:22 -08:00 · 2023-12-22 12:11:22 -08:00 · b484bcd504
parent 671a00491d
commit b484bcd504
1 changed files with 5 additions and 9 deletions
--- a/sys/fs/nfs/nfs_commonsubs.c
+++ b/sys/fs/nfs/nfs_commonsubs.c
@ -679,17 +679,13 @@ nfsm_mbufuio(struct nfsrv_descript *nd, struct uio *uiop, int siz)
 				    ("len %d, corrupted mbuf?", len));
 			}
 			xfer = (left > len) ? len : left;
-#ifdef notdef
-			/* Not Yet.. */
-			if (uiop->uio_iov->iov_op != NULL)
-				(*(uiop->uio_iov->iov_op))
-				(mbufcp, uiocp, xfer);
-			else
-#endif
 			if (uiop->uio_segflg == UIO_SYSSPACE)
 				NFSBCOPY(mbufcp, uiocp, xfer);
-			else
-				copyout(mbufcp, uiocp, xfer);
+			else {
+				error = copyout(mbufcp, uiocp, xfer);
+				if (error != 0)
+					goto out;
+			}
 			left -= xfer;
 			len -= xfer;
 			mbufcp += xfer;