Re: svn commit: r340707 - head/usr.sbin/bhyve
Em qua, 21 de nov de 2018 às 08:23, Shawn Webb
escreveu:
> On Tue, Nov 20, 2018 at 10:21:19PM +, Marcelo Araujo wrote:
> > Author: araujo
> > Date: Tue Nov 20 22:21:19 2018
> > New Revision: 340707
> > URL: https://svnweb.freebsd.org/changeset/base/340707
> >
> > Log:
> > Define AHCI_PORT_IDENT and increase by 1 the VTBLK_BLK_ID_BYTES
> > to avoid buffer accessed out of bounds, also switch to snprintf(3).
> >
> > PR: 200859
> > Submitted by: Caglar
> > Obtained from: https://github.com/mist64/xhyve/pull/24
> > MFC after: 4 weeks
> > Sponsored by: iXsystems Inc.
> >
> > Modified:
> > head/usr.sbin/bhyve/pci_ahci.c
> > head/usr.sbin/bhyve/pci_virtio_block.c
> >
> > Modified: head/usr.sbin/bhyve/pci_ahci.c
> >
> ==
> > --- head/usr.sbin/bhyve/pci_ahci.cTue Nov 20 22:12:10 2018
> (r340706)
> > +++ head/usr.sbin/bhyve/pci_ahci.cTue Nov 20 22:21:19 2018
> (r340707)
> > @@ -105,7 +105,7 @@ enum sata_fis_type {
> > * ATA commands
> > */
> > #define ATA_SF_ENAB_SATA_SF 0x10
> > -#define ATA_SATA_SF_AN 0x05
> > +#define ATA_SATA_SF_AN 0x05
> > #define ATA_SF_DIS_SATA_SF 0x90
> >
> > /*
> > @@ -119,6 +119,8 @@ static FILE *dbg;
> > #endif
> > #define WPRINTF(format, arg...) printf(format, ##arg)
> >
> > +#define AHCI_PORT_IDENT 20 + 1
> > +
> > struct ahci_ioreq {
> > struct blockif_req io_req;
> > struct ahci_port *io_pr;
> > @@ -136,7 +138,7 @@ struct ahci_port {
> > struct pci_ahci_softc *pr_sc;
> > uint8_t *cmd_lst;
> > uint8_t *rfis;
> > - char ident[20 + 1];
> > + char ident[AHCI_PORT_IDENT];
> > int port;
> > int atapi;
> > int reset;
> > @@ -2374,7 +2376,8 @@ pci_ahci_init(struct vmctx *ctx, struct
> pci_devinst *p
> > MD5Init();
> > MD5Update(, opts, strlen(opts));
> > MD5Final(digest, );
> > - sprintf(sc->port[p].ident,
> "BHYVE-%02X%02X-%02X%02X-%02X%02X",
> > + snprintf(sc->port[p].ident, AHCI_PORT_IDENT,
> > + "BHYVE-%02X%02X-%02X%02X-%02X%02X",
> > digest[0], digest[1], digest[2], digest[3], digest[4],
> > digest[5]);
> >
> >
> > Modified: head/usr.sbin/bhyve/pci_virtio_block.c
> >
> ==
> > --- head/usr.sbin/bhyve/pci_virtio_block.cTue Nov 20 22:12:10 2018
> (r340706)
> > +++ head/usr.sbin/bhyve/pci_virtio_block.cTue Nov 20 22:21:19 2018
> (r340707)
> > @@ -61,7 +61,7 @@ __FBSDID("$FreeBSD$");
> > #define VTBLK_S_IOERR1
> > #define VTBLK_S_UNSUPP 2
> >
> > -#define VTBLK_BLK_ID_BYTES 20
> > +#define VTBLK_BLK_ID_BYTES 20 + 1
> >
> > /* Capability bits */
> > #define VTBLK_F_SEG_MAX (1 << 2)/* Maximum request
> segments */
> > @@ -344,7 +344,8 @@ pci_vtblk_init(struct vmctx *ctx, struct pci_devinst
> *
> > MD5Init();
> > MD5Update(, opts, strlen(opts));
> > MD5Final(digest, );
> > - sprintf(sc->vbsc_ident, "BHYVE-%02X%02X-%02X%02X-%02X%02X",
> > + snprintf(sc->vbsc_ident, VTBLK_BLK_ID_BYTES,
> > + "BHYVE-%02X%02X-%02X%02X-%02X%02X",
> > digest[0], digest[1], digest[2], digest[3], digest[4],
> digest[5]);
> >
> > /* setup virtio block config space */
>
> Hey Marcelo,
>
> Thanks for committing this. Could VTBLK_BLK_ID_BYTES and
> AHCI_PORT_IDENT be merged into the same macro, defined in
> usr.sbin/bhyve/pci_emul.h? Especially since both equate to the same
> value.
>
The macro could be merged, but it is safer to have it in this way, in case
something changes specifically for one of the drivers.
I don't think pci_emul.h would be the right place for that, this file is in
charge of PCI emulation functions and it is pretty much generic among the
other drivers.
Best.
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder and Security Engineer
> HardenedBSD
>
> Tor-ified Signal:+1 443-546-8752
> Tor+XMPP+OTR:latt...@is.a.hacker.sx
> GPG Key ID: 0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
>
--
--
Marcelo Araujo(__)ara...@freebsd.org
\\\'',)http://www.FreeBSD.org
Re: svn commit: r340707 - head/usr.sbin/bhyve
On Tue, Nov 20, 2018 at 10:21:19PM +, Marcelo Araujo wrote:
> Author: araujo
> Date: Tue Nov 20 22:21:19 2018
> New Revision: 340707
> URL: https://svnweb.freebsd.org/changeset/base/340707
>
> Log:
> Define AHCI_PORT_IDENT and increase by 1 the VTBLK_BLK_ID_BYTES
> to avoid buffer accessed out of bounds, also switch to snprintf(3).
>
> PR: 200859
> Submitted by: Caglar
> Obtained from: https://github.com/mist64/xhyve/pull/24
> MFC after: 4 weeks
> Sponsored by: iXsystems Inc.
>
> Modified:
> head/usr.sbin/bhyve/pci_ahci.c
> head/usr.sbin/bhyve/pci_virtio_block.c
>
> Modified: head/usr.sbin/bhyve/pci_ahci.c
> ==
> --- head/usr.sbin/bhyve/pci_ahci.cTue Nov 20 22:12:10 2018
> (r340706)
> +++ head/usr.sbin/bhyve/pci_ahci.cTue Nov 20 22:21:19 2018
> (r340707)
> @@ -105,7 +105,7 @@ enum sata_fis_type {
> * ATA commands
> */
> #define ATA_SF_ENAB_SATA_SF 0x10
> -#define ATA_SATA_SF_AN 0x05
> +#define ATA_SATA_SF_AN 0x05
> #define ATA_SF_DIS_SATA_SF 0x90
>
> /*
> @@ -119,6 +119,8 @@ static FILE *dbg;
> #endif
> #define WPRINTF(format, arg...) printf(format, ##arg)
>
> +#define AHCI_PORT_IDENT 20 + 1
> +
> struct ahci_ioreq {
> struct blockif_req io_req;
> struct ahci_port *io_pr;
> @@ -136,7 +138,7 @@ struct ahci_port {
> struct pci_ahci_softc *pr_sc;
> uint8_t *cmd_lst;
> uint8_t *rfis;
> - char ident[20 + 1];
> + char ident[AHCI_PORT_IDENT];
> int port;
> int atapi;
> int reset;
> @@ -2374,7 +2376,8 @@ pci_ahci_init(struct vmctx *ctx, struct pci_devinst *p
> MD5Init();
> MD5Update(, opts, strlen(opts));
> MD5Final(digest, );
> - sprintf(sc->port[p].ident, "BHYVE-%02X%02X-%02X%02X-%02X%02X",
> + snprintf(sc->port[p].ident, AHCI_PORT_IDENT,
> + "BHYVE-%02X%02X-%02X%02X-%02X%02X",
> digest[0], digest[1], digest[2], digest[3], digest[4],
> digest[5]);
>
>
> Modified: head/usr.sbin/bhyve/pci_virtio_block.c
> ==
> --- head/usr.sbin/bhyve/pci_virtio_block.cTue Nov 20 22:12:10 2018
> (r340706)
> +++ head/usr.sbin/bhyve/pci_virtio_block.cTue Nov 20 22:21:19 2018
> (r340707)
> @@ -61,7 +61,7 @@ __FBSDID("$FreeBSD$");
> #define VTBLK_S_IOERR1
> #define VTBLK_S_UNSUPP 2
>
> -#define VTBLK_BLK_ID_BYTES 20
> +#define VTBLK_BLK_ID_BYTES 20 + 1
>
> /* Capability bits */
> #define VTBLK_F_SEG_MAX (1 << 2)/* Maximum request
> segments */
> @@ -344,7 +344,8 @@ pci_vtblk_init(struct vmctx *ctx, struct pci_devinst *
> MD5Init();
> MD5Update(, opts, strlen(opts));
> MD5Final(digest, );
> - sprintf(sc->vbsc_ident, "BHYVE-%02X%02X-%02X%02X-%02X%02X",
> + snprintf(sc->vbsc_ident, VTBLK_BLK_ID_BYTES,
> + "BHYVE-%02X%02X-%02X%02X-%02X%02X",
> digest[0], digest[1], digest[2], digest[3], digest[4], digest[5]);
>
> /* setup virtio block config space */
Hey Marcelo,
Thanks for committing this. Could VTBLK_BLK_ID_BYTES and
AHCI_PORT_IDENT be merged into the same macro, defined in
usr.sbin/bhyve/pci_emul.h? Especially since both equate to the same
value.
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal:+1 443-546-8752
Tor+XMPP+OTR:latt...@is.a.hacker.sx
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
signature.asc
Description: PGP signature
svn commit: r340707 - head/usr.sbin/bhyve
Author: araujo
Date: Tue Nov 20 22:21:19 2018
New Revision: 340707
URL: https://svnweb.freebsd.org/changeset/base/340707
Log:
Define AHCI_PORT_IDENT and increase by 1 the VTBLK_BLK_ID_BYTES
to avoid buffer accessed out of bounds, also switch to snprintf(3).
PR: 200859
Submitted by: Caglar
Obtained from:https://github.com/mist64/xhyve/pull/24
MFC after:4 weeks
Sponsored by: iXsystems Inc.
Modified:
head/usr.sbin/bhyve/pci_ahci.c
head/usr.sbin/bhyve/pci_virtio_block.c
Modified: head/usr.sbin/bhyve/pci_ahci.c
==
--- head/usr.sbin/bhyve/pci_ahci.c Tue Nov 20 22:12:10 2018
(r340706)
+++ head/usr.sbin/bhyve/pci_ahci.c Tue Nov 20 22:21:19 2018
(r340707)
@@ -105,7 +105,7 @@ enum sata_fis_type {
* ATA commands
*/
#defineATA_SF_ENAB_SATA_SF 0x10
-#defineATA_SATA_SF_AN 0x05
+#defineATA_SATA_SF_AN 0x05
#defineATA_SF_DIS_SATA_SF 0x90
/*
@@ -119,6 +119,8 @@ static FILE *dbg;
#endif
#define WPRINTF(format, arg...) printf(format, ##arg)
+#define AHCI_PORT_IDENT 20 + 1
+
struct ahci_ioreq {
struct blockif_req io_req;
struct ahci_port *io_pr;
@@ -136,7 +138,7 @@ struct ahci_port {
struct pci_ahci_softc *pr_sc;
uint8_t *cmd_lst;
uint8_t *rfis;
- char ident[20 + 1];
+ char ident[AHCI_PORT_IDENT];
int port;
int atapi;
int reset;
@@ -2374,7 +2376,8 @@ pci_ahci_init(struct vmctx *ctx, struct pci_devinst *p
MD5Init();
MD5Update(, opts, strlen(opts));
MD5Final(digest, );
- sprintf(sc->port[p].ident, "BHYVE-%02X%02X-%02X%02X-%02X%02X",
+ snprintf(sc->port[p].ident, AHCI_PORT_IDENT,
+ "BHYVE-%02X%02X-%02X%02X-%02X%02X",
digest[0], digest[1], digest[2], digest[3], digest[4],
digest[5]);
Modified: head/usr.sbin/bhyve/pci_virtio_block.c
==
--- head/usr.sbin/bhyve/pci_virtio_block.c Tue Nov 20 22:12:10 2018
(r340706)
+++ head/usr.sbin/bhyve/pci_virtio_block.c Tue Nov 20 22:21:19 2018
(r340707)
@@ -61,7 +61,7 @@ __FBSDID("$FreeBSD$");
#define VTBLK_S_IOERR 1
#defineVTBLK_S_UNSUPP 2
-#defineVTBLK_BLK_ID_BYTES 20
+#defineVTBLK_BLK_ID_BYTES 20 + 1
/* Capability bits */
#defineVTBLK_F_SEG_MAX (1 << 2)/* Maximum request
segments */
@@ -344,7 +344,8 @@ pci_vtblk_init(struct vmctx *ctx, struct pci_devinst *
MD5Init();
MD5Update(, opts, strlen(opts));
MD5Final(digest, );
- sprintf(sc->vbsc_ident, "BHYVE-%02X%02X-%02X%02X-%02X%02X",
+ snprintf(sc->vbsc_ident, VTBLK_BLK_ID_BYTES,
+ "BHYVE-%02X%02X-%02X%02X-%02X%02X",
digest[0], digest[1], digest[2], digest[3], digest[4], digest[5]);
/* setup virtio block config space */
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
