From owner-freebsd-geom@freebsd.org  Mon Jul 18 01:34:29 2016
Return-Path: <owner-freebsd-geom@freebsd.org>
Delivered-To: freebsd-geom@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id AB785B9A830
 for <freebsd-geom@mailman.ysv.freebsd.org>;
 Mon, 18 Jul 2016 01:34:29 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 963CF140F
 for <freebsd-geom@FreeBSD.org>; Mon, 18 Jul 2016 01:34:29 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u6I1YTjJ033151
 for <freebsd-geom@FreeBSD.org>; Mon, 18 Jul 2016 01:34:29 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-geom@FreeBSD.org
Subject: [Bug 209113] Heap overflow in geom ioctl handler
Date: Mon, 18 Jul 2016 01:34:29 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ryan@ryanday.net
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-geom@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc attachments.created
Message-ID: <bug-209113-14739-6Lmu3S1BEp@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-209113-14739@https.bugs.freebsd.org/bugzilla/>
References: <bug-209113-14739@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: GEOM-specific discussions and implementations
 <freebsd-geom.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom/>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jul 2016 01:34:29 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D209113

rday <ryan@ryanday.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ryan@ryanday.net

--- Comment #1 from rday <ryan@ryanday.net> ---
Created attachment 172625
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D172625&action=
=3Dedit
Fix for 209113

A problem existed where a g_malloc call would allocate a buffer length
specified by a 32 bit integer. Then copyin would write a 64 bit integer wor=
th
of data into the buffer.

By changing g_malloc()'s len argument to be a size_t (matching malloc) the
buffer will always be large enough for copyin.

It is still possible to hang the process while waiting for a large enough
allocation, so the M_NOWAIT flag has replaced the M_WAITOK flag.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-geom@freebsd.org  Tue Jul 19 01:50:44 2016
Return-Path: <owner-freebsd-geom@freebsd.org>
Delivered-To: freebsd-geom@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0EBB1B9D21A
 for <freebsd-geom@mailman.ysv.freebsd.org>;
 Tue, 19 Jul 2016 01:50:44 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id EFF2B171B
 for <freebsd-geom@FreeBSD.org>; Tue, 19 Jul 2016 01:50:43 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u6J1ohNm073172
 for <freebsd-geom@FreeBSD.org>; Tue, 19 Jul 2016 01:50:43 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-geom@FreeBSD.org
Subject: [Bug 211028] [GEOM][Hyper-V] gpart can't detect the new free space
 after the disk capacity changes
Date: Tue, 19 Jul 2016 01:50:44 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: decui@microsoft.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-211028-14739-n6ASXgGhr8@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-211028-14739@https.bugs.freebsd.org/bugzilla/>
References: <bug-211028-14739@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: GEOM-specific discussions and implementations
 <freebsd-geom.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom/>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jul 2016 01:50:44 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211028

--- Comment #20 from Dexuan Cui <decui@microsoft.com> ---
(In reply to Dexuan Cui from comment #19)

The 11-beta3 build will begin on July 22.
I hope we can have Andrey's patch committed before the date so that it can =
get
more tests. I think we definitely want to make sure the bug is fixed in the
final 11 release.

--=20
You are receiving this mail because:
You are on the CC list for the bug.=

From owner-freebsd-geom@freebsd.org  Tue Jul 19 05:37:20 2016
Return-Path: <owner-freebsd-geom@freebsd.org>
Delivered-To: freebsd-geom@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 02E52B9D1CB
 for <freebsd-geom@mailman.ysv.freebsd.org>;
 Tue, 19 Jul 2016 05:37:20 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E682A187E
 for <freebsd-geom@FreeBSD.org>; Tue, 19 Jul 2016 05:37:19 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u6J5bJ7e015207
 for <freebsd-geom@FreeBSD.org>; Tue, 19 Jul 2016 05:37:19 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-geom@FreeBSD.org
Subject: [Bug 211028] [GEOM][Hyper-V] gpart can't detect the new free space
 after the disk capacity changes
Date: Tue, 19 Jul 2016 05:37:19 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: commit-hook@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-211028-14739-nzDJiRnilh@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-211028-14739@https.bugs.freebsd.org/bugzilla/>
References: <bug-211028-14739@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: GEOM-specific discussions and implementations
 <freebsd-geom.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom/>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jul 2016 05:37:20 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211028

--- Comment #21 from commit-hook@freebsd.org ---
A commit references this bug:

Author: ae
Date: Tue Jul 19 05:36:21 UTC 2016
New revision: 303019
URL: https://svnweb.freebsd.org/changeset/base/303019

Log:
  Use g_resize_provider() to change the size of GEOM_DISK provider,
  when it is being opened. This should fix the possible loss of a resize
  event when disk capacity changed.

  PR:           211028
  Reported by:  Dexuan Cui <decui at microsoft dot com>
  MFC after:    3 weeks

Changes:
  head/sys/geom/geom_disk.c

--=20
You are receiving this mail because:
You are on the CC list for the bug.=

From owner-freebsd-geom@freebsd.org  Tue Jul 19 05:38:35 2016
Return-Path: <owner-freebsd-geom@freebsd.org>
Delivered-To: freebsd-geom@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C85DFB9D260
 for <freebsd-geom@mailman.ysv.freebsd.org>;
 Tue, 19 Jul 2016 05:38:35 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id B7F07196A
 for <freebsd-geom@FreeBSD.org>; Tue, 19 Jul 2016 05:38:35 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u6J5cYZs016846
 for <freebsd-geom@FreeBSD.org>; Tue, 19 Jul 2016 05:38:35 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-geom@FreeBSD.org
Subject: [Bug 211028] [GEOM][Hyper-V] gpart can't detect the new free space
 after the disk capacity changes
Date: Tue, 19 Jul 2016 05:38:35 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: ae@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-211028-14739-b8I2qAemED@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-211028-14739@https.bugs.freebsd.org/bugzilla/>
References: <bug-211028-14739@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: GEOM-specific discussions and implementations
 <freebsd-geom.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom/>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jul 2016 05:38:35 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211028

--- Comment #22 from Andrey V. Elsukov <ae@FreeBSD.org> ---
I think we need a bit more time to test this, so I don't think it will be in
11.0-release.

--=20
You are receiving this mail because:
You are on the CC list for the bug.=

From owner-freebsd-geom@freebsd.org  Tue Jul 19 06:24:29 2016
Return-Path: <owner-freebsd-geom@freebsd.org>
Delivered-To: freebsd-geom@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 094F5B9DFBF
 for <freebsd-geom@mailman.ysv.freebsd.org>;
 Tue, 19 Jul 2016 06:24:29 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id ECF211442
 for <freebsd-geom@FreeBSD.org>; Tue, 19 Jul 2016 06:24:28 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u6J6OSLb041708
 for <freebsd-geom@FreeBSD.org>; Tue, 19 Jul 2016 06:24:28 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-geom@FreeBSD.org
Subject: [Bug 211028] [GEOM][Hyper-V] gpart can't detect the new free space
 after the disk capacity changes
Date: Tue, 19 Jul 2016 06:24:28 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: decui@microsoft.com
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-211028-14739-yuKusmHQWK@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-211028-14739@https.bugs.freebsd.org/bugzilla/>
References: <bug-211028-14739@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: GEOM-specific discussions and implementations
 <freebsd-geom.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom/>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jul 2016 06:24:29 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211028

--- Comment #23 from Dexuan Cui <decui@microsoft.com> ---
(In reply to Andrey V. Elsukov from comment #22)
Got it. Thank you, Andrey!

--=20
You are receiving this mail because:
You are on the CC list for the bug.=

From owner-freebsd-geom@freebsd.org  Wed Jul 20 07:17:08 2016
Return-Path: <owner-freebsd-geom@freebsd.org>
Delivered-To: freebsd-geom@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 68E5BB9C2A9
 for <freebsd-geom@mailman.ysv.freebsd.org>;
 Wed, 20 Jul 2016 07:17:08 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 58E161D51
 for <freebsd-geom@FreeBSD.org>; Wed, 20 Jul 2016 07:17:08 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u6K7H7E9039867
 for <freebsd-geom@FreeBSD.org>; Wed, 20 Jul 2016 07:17:08 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-geom@FreeBSD.org
Subject: [Bug 209113] Heap overflow in geom ioctl handler
Date: Wed, 20 Jul 2016 07:17:08 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: delphij@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-geom@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-209113-14739-PUzASZ7C7E@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-209113-14739@https.bugs.freebsd.org/bugzilla/>
References: <bug-209113-14739@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: GEOM-specific discussions and implementations
 <freebsd-geom.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom/>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jul 2016 07:17:08 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D209113

Xin LI <delphij@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|secteam@FreeBSD.org         |

--- Comment #2 from Xin LI <delphij@FreeBSD.org> ---
-secteam@.  This is not exploitable by non-root.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-geom@freebsd.org  Wed Jul 20 07:20:40 2016
Return-Path: <owner-freebsd-geom@freebsd.org>
Delivered-To: freebsd-geom@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5F4F8B9C3C8
 for <freebsd-geom@mailman.ysv.freebsd.org>;
 Wed, 20 Jul 2016 07:20:40 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4F0131E10
 for <freebsd-geom@FreeBSD.org>; Wed, 20 Jul 2016 07:20:40 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u6K7KdQc046169
 for <freebsd-geom@FreeBSD.org>; Wed, 20 Jul 2016 07:20:40 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-geom@FreeBSD.org
Subject: [Bug 209113] Heap overflow in geom ioctl handler
Date: Wed, 20 Jul 2016 07:20:40 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: delphij@FreeBSD.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-geom@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-209113-14739-BLaMl4ng8m@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-209113-14739@https.bugs.freebsd.org/bugzilla/>
References: <bug-209113-14739@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: GEOM-specific discussions and implementations
 <freebsd-geom.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom/>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jul 2016 07:20:40 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D209113

--- Comment #3 from Xin LI <delphij@FreeBSD.org> ---
(In reply to rday from comment #1)
I don't really like the M_NOWAIT part -- shouldn't we place a hard limit on=
 how
much the userland may request instead?

--=20
You are receiving this mail because:
You are the assignee for the bug.=

From owner-freebsd-geom@freebsd.org  Wed Jul 20 21:02:24 2016
Return-Path: <owner-freebsd-geom@freebsd.org>
Delivered-To: freebsd-geom@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D3292B9F489
 for <freebsd-geom@mailman.ysv.freebsd.org>;
 Wed, 20 Jul 2016 21:02:24 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id C30E41241
 for <freebsd-geom@FreeBSD.org>; Wed, 20 Jul 2016 21:02:24 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u6KL2Ob5041391
 for <freebsd-geom@FreeBSD.org>; Wed, 20 Jul 2016 21:02:24 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-geom@FreeBSD.org
Subject: [Bug 209113] Heap overflow in geom ioctl handler
Date: Wed, 20 Jul 2016 21:02:24 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: ryan@ryanday.net
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: freebsd-geom@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-209113-14739-ot1FAojYV4@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-209113-14739@https.bugs.freebsd.org/bugzilla/>
References: <bug-209113-14739@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: GEOM-specific discussions and implementations
 <freebsd-geom.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom/>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
 <mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jul 2016 21:02:24 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D209113

--- Comment #4 from rday <ryan@ryanday.net> ---
I think you're right, a hard limit would be better. I can't find a maximum
parameter count or a maximum parameter size in the documentation though. I
don't think I'm familiar enough with the system to come up with a value.

On the other hand, if root issues a malicious ioctl() then root's process j=
ust
waits(using M_WAITOK). This doesn't seem like much of a concern.

Lacking a sufficient hard limit, would it be best to simply change the `siz=
e`
parameter's type to size_t? Removing the M_NOWAIT change?

--=20
You are receiving this mail because:
You are the assignee for the bug.=