Date: Sat, 16 Jun 2018 15:16:03 +0000 (UTC) From: Allan Jude <allanjude@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r335254 - in head/stand/i386: libi386 zfsboot Message-ID: <201806161516.w5GFG33p017898@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: allanjude Date: Sat Jun 16 15:16:02 2018 New Revision: 335254 URL: https://svnweb.freebsd.org/changeset/base/335254 Log: Avoid reading past the end of the disk in zfsboot.c and biosdisk.c The GELI boot code rounds reads up to 4k, since the encrypted sectors are 4k, and must be decrypted as a unit. With oddball sized disks (almost always virtual), this can lead to reading past the end of the disk. Reviewed by: imp, tsoome Sponsored by: Klara Systems Differential Revision: https://reviews.freebsd.org/D15844 Modified: head/stand/i386/libi386/biosdisk.c head/stand/i386/zfsboot/zfsboot.c Modified: head/stand/i386/libi386/biosdisk.c ============================================================================== --- head/stand/i386/libi386/biosdisk.c Sat Jun 16 15:05:05 2018 (r335253) +++ head/stand/i386/libi386/biosdisk.c Sat Jun 16 15:16:02 2018 (r335254) @@ -882,6 +882,12 @@ bd_read(struct disk_devdesc *dev, daddr_t dblk, int bl } } + if (alignlba + alignblks > BD(dev).bd_sectors) { + DEBUG("Shorted read at %llu from %d to %llu blocks", + alignlba, alignblks, BD(dev).bd_sectors - alignlba); + alignblks = BD(dev).bd_sectors - alignlba; + } + err = bd_io(dev, alignlba, alignblks, tmpbuf, 0); if (err) return (err); Modified: head/stand/i386/zfsboot/zfsboot.c ============================================================================== --- head/stand/i386/zfsboot/zfsboot.c Sat Jun 16 15:05:05 2018 (r335253) +++ head/stand/i386/zfsboot/zfsboot.c Sat Jun 16 15:16:02 2018 (r335254) @@ -209,6 +209,12 @@ vdev_read(void *xvdev, void *priv, off_t off, void *bu alignnb = roundup2(nb * DEV_BSIZE + diff, DEV_GELIBOOT_BSIZE) / DEV_BSIZE; + if (dsk->size > 0 && alignlba + alignnb > dsk->size + dsk->start) { + printf("Shortening read at %lld from %d to %lld\n", alignlba, + alignnb, (dsk->size + dsk->start) - alignlba); + alignnb = (dsk->size + dsk->start) - alignlba; + } + if (drvread(dsk, dmadat->rdbuf, alignlba, alignnb)) return -1; #ifdef LOADER_GELI_SUPPORT @@ -694,7 +700,7 @@ main(void) dsk->slice = *(uint8_t *)PTOV(ARGS + 1) + 1; dsk->part = 0; dsk->start = 0; - dsk->size = 0; + dsk->size = drvsize_ext(dsk); bootinfo.bi_version = BOOTINFO_VERSION; bootinfo.bi_size = sizeof(bootinfo); @@ -745,7 +751,7 @@ main(void) dsk->slice = 0; dsk->part = 0; dsk->start = 0; - dsk->size = 0; + dsk->size = drvsize_ext(dsk); probe_drive(dsk); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201806161516.w5GFG33p017898>