From owner-freebsd-geom@freebsd.org Sun Oct 14 21:01:15 2018 Return-Path: Delivered-To: freebsd-geom@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CBDB410BF89C for ; Sun, 14 Oct 2018 21:01:15 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 6C95774083 for ; Sun, 14 Oct 2018 21:01:15 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id 31B9910BF899; Sun, 14 Oct 2018 21:01:15 +0000 (UTC) Delivered-To: geom@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2087E10BF896 for ; Sun, 14 Oct 2018 21:01:15 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B95FD74076 for ; Sun, 14 Oct 2018 21:01:14 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 13C061711D for ; Sun, 14 Oct 2018 21:01:14 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w9EL1DGh039779 for ; Sun, 14 Oct 2018 21:01:13 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w9EL1DFk039769 for geom@FreeBSD.org; Sun, 14 Oct 2018 21:01:13 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <201810142101.w9EL1DFk039769@kenobi.freebsd.org> X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@FreeBSD.org using -f From: bugzilla-noreply@FreeBSD.org To: geom@FreeBSD.org Subject: Problem reports for geom@FreeBSD.org that need special attention Date: Sun, 14 Oct 2018 21:01:13 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.27 X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Oct 2018 21:01:16 -0000 To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- In Progress | 218679 | [geli] add a verify command 1 problems total for which you should take action. From owner-freebsd-geom@freebsd.org Fri Oct 19 17:11:49 2018 Return-Path: Delivered-To: freebsd-geom@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BE569FD1E7B for ; Fri, 19 Oct 2018 17:11:49 +0000 (UTC) (envelope-from sobomax@sippysoft.com) Received: from mail-ot1-f67.google.com (mail-ot1-f67.google.com [209.85.210.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5D89284F2A for ; Fri, 19 Oct 2018 17:11:49 +0000 (UTC) (envelope-from sobomax@sippysoft.com) Received: by mail-ot1-f67.google.com with SMTP id x4so32477258otg.3 for ; Fri, 19 Oct 2018 10:11:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=wk9LvQsPLMF2TD5PARREYsOZDaBV0nQVBT6izj5oB1s=; b=WAq5hg8a6GVuSlT5K3ZuSQ+n3q2iBknUVArHoi8b6YA6I4d4CZ3MIOKK8EmYMmoKCv BWdWb7I+Kcccc19brdamb/YUC8q8tfHkzwppEiHLsfcGEouW+dCsK8FdygLeOWP/nQ4x GWKLod6W32LMpUmzk0wDMVTah1vFmH2me8OYuLHVLd+x+5l6cFp8K90pwB8MWAQdXtaq diFGA0jRFkaztbS5QQfy25iYHLqYE4pRGmd+sMYE/NpHc1JzMSiweIUG9bZk5aZAUBNh Ml2aTrDt2VOIJc40Gl1VeMd7PvtuMWnivx5Z2gwm1tUzng+dj83f/5zLR3PX9IKWl5Ln +IAg== X-Gm-Message-State: ABuFfoji2yFiAN6ELspvQpL5Kp0iVAE4gOT6aA4aeXJvNAbOM1X5zK3s WeV5/74JM2kHKwDhcmAzytJ6UaCUN4TFUocte/2U8B9C9tk= X-Google-Smtp-Source: ACcGV606yhGV3oxoL5jwx5Ki1jlTD68wD1heYPd8dkk1ODhxOs6K/AOR3GP3O0Aig+d3WNs9nLAPlL5TRd6Ozu8T8RY= X-Received: by 2002:a9d:3ae:: with SMTP id f43mr22994660otf.208.1539962444644; Fri, 19 Oct 2018 08:20:44 -0700 (PDT) MIME-Version: 1.0 From: Maxim Sobolev Date: Fri, 19 Oct 2018 08:20:33 -0700 Message-ID: Subject: Off-by-1 error in the g_io_check() To: freebsd-geom@freebsd.org, Poul-Henning Kamp Cc: secteam@freebsd.org Content-Type: multipart/mixed; boundary="0000000000007bc0f505789672f7" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Oct 2018 17:11:50 -0000 --0000000000007bc0f505789672f7 Content-Type: text/plain; charset="UTF-8" Hi, I came across a bug that possibly affects all versions of FreeBSD since dawn of the GEOM. There seems to be off-by-one error in the g_io_check() allowing requests that just past the boundary of the device to be accepted. I was particularly looking at generating BIO_DELETE requests in the userland and noticed that GEOM provider would accept request for the first sector outside of the device area. The following example illustrates the issue: ---- test.c ---- #include #include #include #include #include #include int main(int argc, char **argv) { int fd; off_t mediasize, ioarg[2]; u_int secsize; assert(argc == 2); fd = open(argv[1], O_RDWR, 0); assert(fd >= 0); assert(ioctl(fd, DIOCGMEDIASIZE, &mediasize) == 0); assert(ioctl(fd, DIOCGSECTORSIZE, &secsize) == 0); ioarg[0] = mediasize - secsize; ioarg[1] = secsize; /* Zero out last sector */ assert(ioctl(fd, DIOCGDELETE, ioarg) == 0); ioarg[0] += secsize; /* Zero out last sector + 1 */ assert(ioctl(fd, DIOCGDELETE, ioarg) == -1); assert(errno == EIO); exit(0); } ------------ # cc -o test test.c # mdconfig -a -t malloc -s 1m md0 # ./test /dev/md0 Assertion failed: (ioctl(fd, DIOCGDELETE, ioarg) == -1), function main, file a.c, line 25. Abort trap # Patch to correct this is attached. I have not looked at the code md(4) to see if it actually results in buffer outside of the allocated area being zeroed out, but it's totally possible that some providers might do some weird stuff given a BIO_DELETE request like this. So we are possibly looking at a mild security issue here (hence CC secteam). -Max --0000000000007bc0f505789672f7 Content-Type: application/octet-stream; name="geom_io.c.diff" Content-Disposition: attachment; filename="geom_io.c.diff" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_jng5dwu30 ZGlmZiAtLWdpdCBhL3N5cy9nZW9tL2dlb21faW8uYyBiL3N5cy9nZW9tL2dlb21faW8uYwppbmRl eCA3Mzg5NWIzMGY3Li4xNDQ0ZWNkMDZhIDEwMDY0NAotLS0gYS9zeXMvZ2VvbS9nZW9tX2lvLmMK KysrIGIvc3lzL2dlb20vZ2VvbV9pby5jCkBAIC00MTUsNiArNDE1LDggQEAgZ19pb19jaGVjayhz dHJ1Y3QgYmlvICpicCkKIAkJCXJldHVybiAoRUlPKTsKIAkJaWYgKGJwLT5iaW9fb2Zmc2V0ID4g cHAtPm1lZGlhc2l6ZSkKIAkJCXJldHVybiAoRUlPKTsKKwkJaWYgKGJwLT5iaW9fb2Zmc2V0ID09 IHBwLT5tZWRpYXNpemUgJiYgYnAtPmJpb19sZW5ndGggPiAwKQorCQkJcmV0dXJuIChFSU8pOwog CiAJCS8qIFRydW5jYXRlIHJlcXVlc3RzIHRvIHRoZSBlbmQgb2YgcHJvdmlkZXJzIG1lZGlhLiAq LwogCQlleGNlc3MgPSBicC0+YmlvX29mZnNldCArIGJwLT5iaW9fbGVuZ3RoOwo= --0000000000007bc0f505789672f7-- From owner-freebsd-geom@freebsd.org Sat Oct 20 14:32:42 2018 Return-Path: Delivered-To: freebsd-geom@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 88FFAFE70E7 for ; Sat, 20 Oct 2018 14:32:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 246C5710F2 for ; Sat, 20 Oct 2018 14:32:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id DB2F2FE70E3; Sat, 20 Oct 2018 14:32:41 +0000 (UTC) Delivered-To: geom@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C9ECFFE70E1 for ; Sat, 20 Oct 2018 14:32:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 63A9F710EF for ; Sat, 20 Oct 2018 14:32:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id B24D0187B0 for ; Sat, 20 Oct 2018 14:32:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w9KEWekl030513 for ; Sat, 20 Oct 2018 14:32:40 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w9KEWeOV030512 for geom@FreeBSD.org; Sat, 20 Oct 2018 14:32:40 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: geom@FreeBSD.org Subject: [Bug 232463] EBR slice cannot be added partitions to Date: Sat, 20 Oct 2018 14:32:40 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 10.4-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: ae@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: geom@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Oct 2018 14:32:42 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D232463 Andrey V. Elsukov changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs@FreeBSD.org |geom@FreeBSD.org CC|ae@FreeBSD.org | --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-geom@freebsd.org Sat Oct 20 14:39:01 2018 Return-Path: Delivered-To: freebsd-geom@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 28B0FFE72BE for ; Sat, 20 Oct 2018 14:39:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id B8F70712DB for ; Sat, 20 Oct 2018 14:39:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 7BD47FE72BD; Sat, 20 Oct 2018 14:39:00 +0000 (UTC) Delivered-To: geom@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6AA8FFE72BC for ; Sat, 20 Oct 2018 14:39:00 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EC48F712D7 for ; Sat, 20 Oct 2018 14:38:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 45D0B187B9 for ; Sat, 20 Oct 2018 14:38:59 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w9KEcxkS036797 for ; Sat, 20 Oct 2018 14:38:59 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w9KEcxXr036796 for geom@FreeBSD.org; Sat, 20 Oct 2018 14:38:59 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: geom@FreeBSD.org Subject: [Bug 232463] EBR slice cannot be added partitions to Date: Sat, 20 Oct 2018 14:38:59 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 10.4-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: bourne.identity@hotmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: geom@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-geom@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: GEOM-specific discussions and implementations List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Oct 2018 14:39:01 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D232463 --- Comment #13 from bourne.identity@hotmail.com --- Thanks Andrey --=20 You are receiving this mail because: You are the assignee for the bug.=