vn_getf/vn_releasef should not accept negative file descriptors

C type coercion rules require that negative numbers be converted into positive numbers via wraparound such that a negative -1 becomes a positive 1. This causes vn_getf to return a file handle when it should return NULL whenever a positive file descriptor existed with the same value. We should check for a negative file descriptor and return NULL instead. This was caught by ClusterHQ's unit testing. Reference: http://stackoverflow.com/questions/50605/signed-to-unsigned-conversion-in-c-is-it-always-safe Signed-off-by: Richard Yao <[email protected]> Signed-off-by: Andriy Gapon <[email protected]> Signed-off-by: Brian Behlendorf <[email protected]> Closes #450
author: Richard Yao <[email protected]> 2015-04-16 10:29:41 -0400
committer: Brian Behlendorf <[email protected]> 2015-04-24 13:02:00 -0700
commit: 313b1ea622275e24c3046c3b04a98a933b18f8de (patch)
tree: d4aa83fb61aca5eb359db6d254d7322ea20393ba /module/spl
parent: cd69f020e4b0f9c416dd07a264e48c9488a7633f (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/module/spl/spl-vnode.c b/module/spl/spl-vnode.c
index 1e26b8e29..4c62097dc 100644
--- a/module/spl/spl-vnode.c
+++ b/module/spl/spl-vnode.c
@@ -648,6 +648,9 @@ vn_getf(int fd)
 	vnode_t *vp;
 	int rc = 0;
 
+	if (fd < 0)
+		return (NULL);
+
 	/* Already open just take an extra reference */
 	spin_lock(&vn_file_lock);
 
@@ -733,6 +736,9 @@ vn_releasef(int fd)
 {
 	file_t *fp;
 
+	if (fd < 0)
+		return;
+
 	spin_lock(&vn_file_lock);
 	fp = file_find(fd);
 	if (fp) {
author	Richard Yao <[email protected]>	2015-04-16 10:29:41 -0400
committer	Brian Behlendorf <[email protected]>	2015-04-24 13:02:00 -0700
commit	313b1ea622275e24c3046c3b04a98a933b18f8de (patch)
tree	d4aa83fb61aca5eb359db6d254d7322ea20393ba /module/spl
parent	cd69f020e4b0f9c416dd07a264e48c9488a7633f (diff)