Author: cem
Date: Thu Jan 12 06:58:31 2017
New Revision: 311964
URL: https://svnweb.freebsd.org/changeset/base/311964

Log:
  g_raid: Prevent tasters from attempting excessively large reads
  
  Some g_raid tasters attempt metadata reads in multiples of the provider
  sectorsize.  Reads larger than MAXPHYS are invalid, so detect and abort
  in such situations.
  
  Spiritually similar to r217305 / PR 147851.
  
  PR:           214721
  Sponsored by: Dell EMC Isilon

Modified:
  head/sys/geom/raid/md_ddf.c
  head/sys/geom/raid/md_promise.c

Modified: head/sys/geom/raid/md_ddf.c
==============================================================================
--- head/sys/geom/raid/md_ddf.c Thu Jan 12 06:38:03 2017        (r311963)
+++ head/sys/geom/raid/md_ddf.c Thu Jan 12 06:58:31 2017        (r311964)
@@ -1161,6 +1161,16 @@ hdrerror:
                    (GET16(meta, hdr->Configuration_Record_Length) * ss - 512) 
/ 12));
        }
 
+       if (GET32(meta, hdr->cd_length) * ss >= MAXPHYS ||
+           GET32(meta, hdr->pdr_length) * ss >= MAXPHYS ||
+           GET32(meta, hdr->vdr_length) * ss >= MAXPHYS ||
+           GET32(meta, hdr->cr_length) * ss >= MAXPHYS ||
+           GET32(meta, hdr->pdd_length) * ss >= MAXPHYS ||
+           GET32(meta, hdr->bbmlog_length) * ss >= MAXPHYS) {
+               G_RAID_DEBUG(1, "%s: Blocksize is too big.", pp->name);
+               goto hdrerror;
+       }
+
        /* Read controller data. */
        buf = g_read_data(cp, (lba + GET32(meta, hdr->cd_section)) * ss,
            GET32(meta, hdr->cd_length) * ss, &error);
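Review bot: The six `GET32(meta, hdr->..._length) * ss` products in the new condition are multiplied before they are compared, so if `ss` is a 32-bit type (its declaration is not in this hunk) a large length field taken from on-disk metadata can wrap to a small value and pass the check. Comparing each length against `MAXPHYS / ss` avoids the multiplication altogether. Two smaller points: the test uses `>= MAXPHYS`, although the log message says only reads larger than MAXPHYS are invalid and the md_promise.c check in this same commit uses `>`; and the debug text "Blocksize is too big." talks about the sector size, while what is rejected here is a metadata section length, so a message naming the oversized section would be easier to act on.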

Modified: head/sys/geom/raid/md_promise.c
==============================================================================
--- head/sys/geom/raid/md_promise.c     Thu Jan 12 06:38:03 2017        
(r311963)
+++ head/sys/geom/raid/md_promise.c     Thu Jan 12 06:58:31 2017        
(r311964)
@@ -341,6 +341,11 @@ promise_meta_read(struct g_consumer *cp,
 
        pp = cp->provider;
        subdisks = 0;
+
+       if (pp->sectorsize * 4 > MAXPHYS) {
+               G_RAID_DEBUG(1, "%s: Blocksize is too big.", pp->name);
+               return (subdisks);
+       }
 next:
        /* Read metadata block. */
        buf = g_read_data(cp, pp->mediasize - pp->sectorsize *
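Review bot: The literal 4 in `pp->sectorsize * 4 > MAXPHYS` has no visible link to the length passed to `g_read_data()` under `next:`, whose arguments are cut off after `pp->sectorsize *` in this context. A short comment or a shared constant stating how many sectors the metadata read covers would keep the guard and the read from drifting apart. The early `return (subdisks);` hands back the still-zero count, so the level-1 `G_RAID_DEBUG` line is the only indication that the provider was skipped because of its sector size.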
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
