From owner-svn-src-all@FreeBSD.ORG Thu Aug 2 15:05:35 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2639F106570A; Thu, 2 Aug 2012 15:05:35 +0000 (UTC) (envelope-from jh@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id EBCDA8FC08; Thu, 2 Aug 2012 15:05:34 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q72F5YOH093932; Thu, 2 Aug 2012 15:05:34 GMT (envelope-from jh@svn.freebsd.org) Received: (from jh@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q72F5Y8j093930; Thu, 2 Aug 2012 15:05:34 GMT (envelope-from jh@svn.freebsd.org) Message-Id: <201208021505.q72F5Y8j093930@svn.freebsd.org> From: Jaakko Heinonen Date: Thu, 2 Aug 2012 15:05:34 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r238991 - head/sys/dev/md X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2012 15:05:35 -0000 Author: jh Date: Thu Aug 2 15:05:34 2012 New Revision: 238991 URL: http://svn.freebsd.org/changeset/base/238991 Log: Disallow sectorsize larger than MAXPHYS and mediasize smaller than sectorsize. PR: 169947 Submitted by: Filip Palian (original version) Reviewed by: kib Modified: head/sys/dev/md/md.c Modified: head/sys/dev/md/md.c ============================================================================== --- head/sys/dev/md/md.c Thu Aug 2 13:57:49 2012 (r238990) +++ head/sys/dev/md/md.c Thu Aug 2 15:05:34 2012 (r238991) @@ -1090,7 +1090,7 @@ mdresize(struct md_s *sc, struct md_ioct case MD_VNODE: break; case MD_SWAP: - if (mdio->md_mediasize == 0 || + if (mdio->md_mediasize <= 0 || (mdio->md_mediasize % PAGE_SIZE) != 0) return (EDOM); oldpages = OFF_TO_IDX(round_page(sc->mediasize)); @@ -1148,7 +1148,7 @@ mdcreate_swap(struct md_s *sc, struct md * Range check. Disallow negative sizes or any size less then the * size of a page. Then round to a page. */ - if (sc->mediasize == 0 || (sc->mediasize % PAGE_SIZE) != 0) + if (sc->mediasize <= 0 || (sc->mediasize % PAGE_SIZE) != 0) return (EDOM); /* @@ -1189,6 +1189,7 @@ xmdctlioctl(struct cdev *dev, u_long cmd struct md_ioctl *mdio; struct md_s *sc; int error, i; + unsigned sectsize; if (md_debug) printf("mdctlioctl(%s %lx %p %x %p)\n", @@ -1217,6 +1218,12 @@ xmdctlioctl(struct cdev *dev, u_long cmd default: return (EINVAL); } + if (mdio->md_sectorsize == 0) + sectsize = DEV_BSIZE; + else + sectsize = mdio->md_sectorsize; + if (sectsize > MAXPHYS || mdio->md_mediasize < sectsize) + return (EINVAL); if (mdio->md_options & MD_AUTOUNIT) sc = mdnew(-1, &error, mdio->md_type); else { @@ -1229,10 +1236,7 @@ xmdctlioctl(struct cdev *dev, u_long cmd if (mdio->md_options & MD_AUTOUNIT) mdio->md_unit = sc->unit; sc->mediasize = mdio->md_mediasize; - if (mdio->md_sectorsize == 0) - sc->sectorsize = DEV_BSIZE; - else - sc->sectorsize = mdio->md_sectorsize; + sc->sectorsize = sectsize; error = EDOOFUS; switch (sc->type) { case MD_MALLOC: @@ -1282,6 +1286,8 @@ xmdctlioctl(struct cdev *dev, u_long cmd sc = mdfind(mdio->md_unit); if (sc == NULL) return (ENOENT); + if (mdio->md_mediasize < sc->sectorsize) + return (EINVAL); if (mdio->md_mediasize < sc->mediasize && !(sc->flags & MD_FORCE) && !(mdio->md_options & MD_FORCE))