Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 13 Dec 2016 06:54:13 +0000 (UTC)
From:      Colin Percival <cperciva@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r310013 - head/sys/dev/xen/blkfront
Message-ID:  <201612130654.uBD6sDtF073358@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: cperciva
Date: Tue Dec 13 06:54:13 2016
New Revision: 310013
URL: https://svnweb.freebsd.org/changeset/base/310013

Log:
  Check that blkfront devices have a non-zero number of sectors and a
  non-zero sector size.  Such a device would be a virtual disk of zero
  bytes; clearly not useful, and not something we should try to attach.
  
  As a fortuitous side effect, checking that these values are non-zero
  here results in them not *becoming* zero later on the function.  This
  odd behaviour began with r309124 (clang 3.9.0) but is challenging to
  debug; making any changes to this function whatsoever seems to affect
  the llvm optimizer behaviour enough to make the unexpected zeroing of
  the sector_size variable cease.
  
  PR:		215209
  Security:	The potential for variables to unexpectedly become zero
  		has worrying consequences for security in general, but
  		not so much in this particular context.

Modified:
  head/sys/dev/xen/blkfront/blkfront.c

Modified: head/sys/dev/xen/blkfront/blkfront.c
==============================================================================
--- head/sys/dev/xen/blkfront/blkfront.c	Tue Dec 13 05:09:49 2016	(r310012)
+++ head/sys/dev/xen/blkfront/blkfront.c	Tue Dec 13 06:54:13 2016	(r310013)
@@ -1245,6 +1245,14 @@ xbd_connect(struct xbd_softc *sc)
 		    xenbus_get_otherend_path(dev));
 		return;
 	}
+	if ((sectors == 0) || (sector_size == 0)) {
+		xenbus_dev_fatal(dev, 0,
+		    "invalid parameters from %s:"
+		    " sectors = %lu, sector_size = %lu",
+		    xenbus_get_otherend_path(dev),
+		    sectors, sector_size);
+		return;
+	}
 	err = xs_gather(XST_NIL, xenbus_get_otherend_path(dev),
 	     "physical-sector-size", "%lu", &phys_sector_size,
 	     NULL);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201612130654.uBD6sDtF073358>