DragonOS-Community · fslongjin · Dec 1, 2025 · Nov 21, 2025 · Nov 21, 2025 · Nov 22, 2025
diff --git a/kernel/src/filesystem/vfs/file.rs b/kernel/src/filesystem/vfs/file.rs
@@ -407,9 +407,16 @@ impl File {
     /// @brief 判断当前文件是否可读
     #[inline]
     pub fn readable(&self) -> Result<(), SystemError> {
+        let mode = *self.mode.read();
+
+        // 检查是否是O_PATH文件描述符
+        if mode.contains(FileMode::O_PATH) {
+            return Err(SystemError::EBADF);
+        }
+
         // 暂时认为只要不是write only, 就可读
-        if *self.mode.read() == FileMode::O_WRONLY {
-            return Err(SystemError::EPERM);
+        if mode.accmode() == FileMode::O_WRONLY.bits() {
+            return Err(SystemError::EBADF);
         }
 
         return Ok(());

diff --git a/kernel/src/filesystem/vfs/syscall/sys_pread64.rs b/kernel/src/filesystem/vfs/syscall/sys_pread64.rs
@@ -4,6 +4,7 @@ use system_error::SystemError;
 
 use crate::arch::interrupt::TrapFrame;
 use crate::arch::syscall::nr::SYS_PREAD64;
+use crate::filesystem::vfs::FileType;
 use crate::process::ProcessManager;
 use crate::syscall::table::FormattedSyscallParam;
 use crate::syscall::table::Syscall;
@@ -35,7 +36,18 @@ impl Syscall for SysPread64Handle {
         let len = Self::len(args);
         let offset = Self::offset(args);
 
-        let mut user_buffer_writer = UserBufferWriter::new(buf_vaddr, len, frame.is_from_user())?;
+        // 检查offset是否为负数
+        if (offset as isize) < 0 {
+            return Err(SystemError::EINVAL);
+        }
+
-        // 检查offset是否为负数
-        if (offset as isize) < 0 {
-            return Err(SystemError::EINVAL);
-        }
-        // 检查offset是否为负数
-        if (offset as isize) < 0 {
-            return Err(SystemError::EINVAL);
-        }
+        // 检查offset + len是否溢出
+        if offset.checked_add(len).is_none() || offset > i64::MAX as usize {
-        // 检查offset + len是否溢出
-        if offset.checked_add(len).is_none() || offset > i64::MAX as usize {
+        // 检查offset + len是否溢出，并且两者都不能超过i64::MAX
+        let end_pos = offset.checked_add(len).ok_or(SystemError::EINVAL)?;
+        if offset > i64::MAX as usize || end_pos > i64::MAX as usize {
-        // 检查offset + len是否溢出
-        if offset.checked_add(len).is_none() || offset > i64::MAX as usize {
+        // 检查offset + len是否溢出，并且两者都不能超过i64::MAX
+        let end_pos = offset.checked_add(len).ok_or(SystemError::EINVAL)?;
+        if offset > i64::MAX as usize || end_pos > i64::MAX as usize {
+            return Err(SystemError::EINVAL);
+        }
+
+        let mut user_buffer_writer =
+            UserBufferWriter::new_checked(buf_vaddr, len, frame.is_from_user())?;
         let user_buf = user_buffer_writer.buffer(0)?;
 
         let binding = ProcessManager::current_pcb().fd_table();
@@ -48,6 +60,12 @@ impl Syscall for SysPread64Handle {
         // Drop guard to avoid scheduling issues
         drop(fd_table_guard);
 
+        // 检查是否是管道/Socket (ESPIPE)
+        let md = file.metadata()?;
+        if md.file_type == FileType::Pipe || md.file_type == FileType::Socket {
-        if md.file_type == FileType::Pipe || md.file_type == FileType::Socket {
+        if md.file_type == FileType::Pipe || md.file_type == FileType::Socket || md.file_type == FileType::CharDevice {
-        if md.file_type == FileType::Pipe || md.file_type == FileType::Socket {
+        if md.file_type == FileType::Pipe || md.file_type == FileType::Socket || md.file_type == FileType::CharDevice {
+            return Err(SystemError::ESPIPE);
+        }
+
         return file.pread(offset, len, user_buf);
     }