Author: asomers
Date: Sun Feb  4 14:49:55 2018
New Revision: 328849
URL: https://svnweb.freebsd.org/changeset/base/328849

Log:
  geom: don't write stack garbage in disk labels
  
  Most consumers of g_metadata_store were passing in partially unallocated
  memory, resulting in stack garbage being written to disk labels. Fix them by
  zeroing the memory first.
  
  gvirstor repeated the same mistake, but in the kernel.
  
  Also, glabel's label contained a fixed-size string that wasn't
  initialized to zero.
  
  PR:           222077
  Reported by:  Maxim Khitrov <m...@mxcrypt.com>
  Reviewed by:  cem
  MFC after:    3 weeks
  X-MFC-With:   323314
  X-MFC-With:   323338
  Differential Revision:        https://reviews.freebsd.org/D14164

Modified:
  head/sbin/geom/class/cache/geom_cache.c
  head/sbin/geom/class/concat/geom_concat.c
  head/sbin/geom/class/journal/geom_journal.c
  head/sbin/geom/class/label/geom_label.c
  head/sbin/geom/class/mirror/geom_mirror.c
  head/sbin/geom/class/raid3/geom_raid3.c
  head/sbin/geom/class/shsec/geom_shsec.c
  head/sbin/geom/class/stripe/geom_stripe.c
  head/sbin/geom/misc/subr.c
  head/sys/geom/virstor/g_virstor.c

Modified: head/sbin/geom/class/cache/geom_cache.c
==============================================================================
--- head/sbin/geom/class/cache/geom_cache.c     Sun Feb  4 14:27:12 2018        
(r328848)
+++ head/sbin/geom/class/cache/geom_cache.c     Sun Feb  4 14:49:55 2018        
(r328849)
@@ -137,6 +137,7 @@ cache_label(struct gctl_req *req)
        int error, nargs;
        intmax_t val;
 
+       bzero(sector, sizeof(sector));
        nargs = gctl_get_int(req, "nargs");
        if (nargs != 2) {
                gctl_error(req, "Invalid number of arguments.");
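Review bot: The added `bzero(sector, sizeof(sector));` in cache_label has no comment explaining why it is there, and since the metadata is encoded into the buffer afterwards, it could be mistaken for redundant and removed in a later cleanup. A one-line comment above it would record the intent, for example `/* Zero the buffer so no stack contents reach the on-disk label. */`. The same applies to the identical line added in concat_label, journal_label, label_label, mirror_label, raid3_label, shsec_label and stripe_label. The declaration of sector and the rest of cache_label are outside the hunk.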

Modified: head/sbin/geom/class/concat/geom_concat.c
==============================================================================
--- head/sbin/geom/class/concat/geom_concat.c   Sun Feb  4 14:27:12 2018        
(r328848)
+++ head/sbin/geom/class/concat/geom_concat.c   Sun Feb  4 14:49:55 2018        
(r328849)
@@ -119,6 +119,7 @@ concat_label(struct gctl_req *req)
        const char *name;
        int error, i, hardcode, nargs;
 
+       bzero(sector, sizeof(sector));
        nargs = gctl_get_int(req, "nargs");
        if (nargs < 2) {
                gctl_error(req, "Too few arguments.");

Modified: head/sbin/geom/class/journal/geom_journal.c
==============================================================================
--- head/sbin/geom/class/journal/geom_journal.c Sun Feb  4 14:27:12 2018        
(r328848)
+++ head/sbin/geom/class/journal/geom_journal.c Sun Feb  4 14:49:55 2018        
(r328849)
@@ -144,6 +144,7 @@ journal_label(struct gctl_req *req)
        intmax_t jsize, msize, ssize;
        int error, force, i, nargs, checksum, hardcode;
 
+       bzero(sector, sizeof(sector));
        nargs = gctl_get_int(req, "nargs");
        str = NULL;     /* gcc */
 

Modified: head/sbin/geom/class/label/geom_label.c
==============================================================================
--- head/sbin/geom/class/label/geom_label.c     Sun Feb  4 14:27:12 2018        
(r328848)
+++ head/sbin/geom/class/label/geom_label.c     Sun Feb  4 14:49:55 2018        
(r328849)
@@ -125,6 +125,7 @@ label_label(struct gctl_req *req)
        u_char sector[512];
        int error, nargs;
 
+       bzero(sector, sizeof(sector));
        nargs = gctl_get_int(req, "nargs");
        if (nargs != 2) {
                gctl_error(req, "Invalid number of arguments.");
@@ -145,6 +146,7 @@ label_label(struct gctl_req *req)
        strlcpy(md.md_magic, G_LABEL_MAGIC, sizeof(md.md_magic));
        md.md_version = G_LABEL_VERSION;
        label = gctl_get_ascii(req, "arg0");
+       bzero(md.md_label, sizeof(md.md_label));
        strlcpy(md.md_label, label, sizeof(md.md_label));
        md.md_provsize = g_get_mediasize(name);
        if (md.md_provsize == 0) {
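Review bot: Only `md.md_label` is zeroed before its `strlcpy`, while `md.md_magic` three lines above is filled by the same `strlcpy` pattern with no zeroing. If G_LABEL_MAGIC is shorter than the md_magic field (neither size is visible here), the bytes after its NUL would still be uninitialized stack memory when the label is encoded. Clearing the whole structure once before filling it, `bzero(&md, sizeof(md));`, would cover both fields and any fixed-size member added later. The declaration of md and the encode call are outside the hunk, so this should be checked against them.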

Modified: head/sbin/geom/class/mirror/geom_mirror.c
==============================================================================
--- head/sbin/geom/class/mirror/geom_mirror.c   Sun Feb  4 14:27:12 2018        
(r328848)
+++ head/sbin/geom/class/mirror/geom_mirror.c   Sun Feb  4 14:49:55 2018        
(r328849)
@@ -188,6 +188,7 @@ mirror_label(struct gctl_req *req)
        intmax_t val;
        int error, i, nargs, bal, hardcode;
 
+       bzero(sector, sizeof(sector));
        nargs = gctl_get_int(req, "nargs");
        if (nargs < 2) {
                gctl_error(req, "Too few arguments.");

Modified: head/sbin/geom/class/raid3/geom_raid3.c
==============================================================================
--- head/sbin/geom/class/raid3/geom_raid3.c     Sun Feb  4 14:27:12 2018        
(r328848)
+++ head/sbin/geom/class/raid3/geom_raid3.c     Sun Feb  4 14:49:55 2018        
(r328849)
@@ -151,6 +151,7 @@ raid3_label(struct gctl_req *req)
        int hardcode, round_robin, verify;
        int error, i, nargs;
 
+       bzero(sector, sizeof(sector));
        nargs = gctl_get_int(req, "nargs");
        if (nargs < 4) {
                gctl_error(req, "Too few arguments.");

Modified: head/sbin/geom/class/shsec/geom_shsec.c
==============================================================================
--- head/sbin/geom/class/shsec/geom_shsec.c     Sun Feb  4 14:27:12 2018        
(r328848)
+++ head/sbin/geom/class/shsec/geom_shsec.c     Sun Feb  4 14:49:55 2018        
(r328849)
@@ -112,6 +112,7 @@ shsec_label(struct gctl_req *req)
        const char *name;
        int error, i, nargs, hardcode;
 
+       bzero(sector, sizeof(sector));
        nargs = gctl_get_int(req, "nargs");
        if (nargs <= 2) {
                gctl_error(req, "Too few arguments.");

Modified: head/sbin/geom/class/stripe/geom_stripe.c
==============================================================================
--- head/sbin/geom/class/stripe/geom_stripe.c   Sun Feb  4 14:27:12 2018        
(r328848)
+++ head/sbin/geom/class/stripe/geom_stripe.c   Sun Feb  4 14:49:55 2018        
(r328849)
@@ -130,6 +130,7 @@ stripe_label(struct gctl_req *req)
        const char *name;
        int error, i, nargs, hardcode;
 
+       bzero(sector, sizeof(sector));
        nargs = gctl_get_int(req, "nargs");
        if (nargs < 3) {
                gctl_error(req, "Too few arguments.");

Modified: head/sbin/geom/misc/subr.c
==============================================================================
--- head/sbin/geom/misc/subr.c  Sun Feb  4 14:27:12 2018        (r328848)
+++ head/sbin/geom/misc/subr.c  Sun Feb  4 14:49:55 2018        (r328849)
@@ -273,6 +273,13 @@ out:
        return (error);
 }
 
+/* 
+ * Actually write the GEOM label to the provider
+ *
+ * @param name GEOM provider's name (ie "ada0")
+ * @param md   Pointer to the label data to write
+ * @param size Size of the data pointed to by md
+ */
 int
 g_metadata_store(const char *name, const unsigned char *md, size_t size)
 {
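Review bot: The new header comment on g_metadata_store does not state the requirement this commit enforces in the callers: every one of the `size` bytes behind `md` must be initialized, because per the log message they end up in the disk label. Adding a line such as `* The caller must initialize all size bytes of md; they are written to the provider as-is.` would put that contract where the author of the next consumer will read it. The function body is outside the hunk, so the exact write path should be confirmed against it. In the `@param name` line, "ie" would also read better as "e.g.".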

Modified: head/sys/geom/virstor/g_virstor.c
==============================================================================
--- head/sys/geom/virstor/g_virstor.c   Sun Feb  4 14:27:12 2018        
(r328848)
+++ head/sys/geom/virstor/g_virstor.c   Sun Feb  4 14:49:55 2018        
(r328849)
@@ -1042,6 +1042,7 @@ write_metadata(struct g_consumer *cp, struct g_virstor
        pp = cp->provider;
 
        buf = malloc(pp->sectorsize, M_GVIRSTOR, M_WAITOK);
+       bzero(buf, pp->sectorsize);
        virstor_metadata_encode(md, buf);
        g_topology_unlock();
        error = g_write_data(cp, pp->mediasize - pp->sectorsize, buf,
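Review bot: The explicit `bzero(buf, pp->sectorsize);` after the allocation in write_metadata can be folded into the allocation with malloc(9)'s M_ZERO flag: `buf = malloc(pp->sectorsize, M_GVIRSTOR, M_WAITOK | M_ZERO);`. Keeping allocation and zeroing in one statement means a later edit cannot separate them and bring back uninitialized kernel heap bytes in the metadata sector written by `g_write_data`. write_metadata starts and ends outside the hunk.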