fix(iov): 更新注释以更清晰地描述可访问内存的检查逻辑

mistcoversmyeyes · mistcoversmyeyes · commit 97e27f9ee7a6 · 2025-11-19T20:58:41.000+08:00
fix(user_access): 增强用户空间访问长度检查，确保正确处理文件后备长度
diff --git a/kernel/src/filesystem/vfs/iov.rs b/kernel/src/filesystem/vfs/iov.rs
@@ -89,7 +89,7 @@ impl IoVecs {
         let mut buf = Vec::with_capacity(self.total_len());
 
         for iov in self.0.iter() {
-            // 检查从 iov_base 开始有多少连续可访问的空间
+            // 检查从 iov_base 开始有多少 bytes 在 vma 内部且实际可以访问
             let accessible =
                 user_accessible_len(VirtAddr::new(iov.iov_base as usize), iov.iov_len, false);
 
diff --git a/kernel/src/syscall/user_access.rs b/kernel/src/syscall/user_access.rs
@@ -954,11 +954,31 @@ pub fn user_accessible_len(addr: VirtAddr, size: usize, check_write: bool) -> us
             break;
         };
 
-        let (region_end, vm_flags) = {
+        // 获取地址所在内存页的起始地址 和结束地址，以及访问权限标志 和文件后备长度
+        let (region_start, region_end, vm_flags, file_backed_len) = {
             let guard = vma.lock_irqsave();
+            let region_start = guard.region().start().data();
             let region_end = guard.region().end().data();
             let vm_flags = *guard.vm_flags();
-            (region_end, vm_flags)
+            let vma_size = region_end.saturating_sub(region_start);
+
+            let file_backed_len = guard.vm_file().and_then(|file| {
+                let file_offset_pages = guard.file_page_offset().unwrap_or(0);
+                let file_offset_bytes = file_offset_pages.saturating_mul(MMArch::PAGE_SIZE);
+                let file_size = match file.metadata() {
+                    Ok(md) if md.size > 0 => {
+                        let capped = core::cmp::min(md.size as u128, usize::MAX as u128);
+                        capped as usize
+                    }
+                    Ok(_) => 0,
+                    Err(_) => return None,
+                };
+
+                let backed = file_size.saturating_sub(file_offset_bytes);
+                Some(core::cmp::min(backed, vma_size))
+            });
+
+            (region_start, region_end, vm_flags, file_backed_len)
         };
 
         // 根据 vm_flags 判断是否具备访问权限
@@ -973,7 +993,14 @@ pub fn user_accessible_len(addr: VirtAddr, size: usize, check_write: bool) -> us
         }
 
         let current_addr = current.data();
-        let available = region_end.saturating_sub(current_addr);
+        let mut available = region_end.saturating_sub(current_addr);
+
+        if let Some(backed_len) = file_backed_len {
+            let offset_in_vma = current_addr.saturating_sub(region_start);
+            let backed_available = backed_len.saturating_sub(offset_in_vma);
+            // Clamp to the range actually backed by the file to avoid walking into holes.
+            available = min(available, backed_available);
+        }
         if available == 0 {
             break;
         }
