From owner-svn-src-head@freebsd.org  Sat May  9 08:23:34 2020
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id DBB492E057E;
 Sat,  9 May 2020 08:23:34 +0000 (UTC)
 (envelope-from ronald-lists@klop.ws)
Received: from smarthost1.greenhost.nl (smarthost1.greenhost.nl
 [195.190.28.88])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 49K0Zs0TjYz4RMJ;
 Sat,  9 May 2020 08:23:32 +0000 (UTC)
 (envelope-from ronald-lists@klop.ws)
Received: from smtp.greenhost.nl ([213.108.110.112])
 by smarthost1.greenhost.nl with esmtps
 (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89)
 (envelope-from <ronald-lists@klop.ws>)
 id 1jXKle-0004D7-Bi; Sat, 09 May 2020 10:23:30 +0200
Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes
To: "Toomas Soome" <tsoome@me.com>
Cc: src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org, "Toomas Soome" <tsoome@freebsd.org>
Subject: Re: svn commit: r360836 - head/stand/libsa/zfs
References: <202005090625.0496PLvc091232@repo.freebsd.org>
 <op.0kb8afh7kndu52@sjakie> <2125B6CE-D25F-4BC8-AB13-89C4D01C7150@me.com>
Date: Sat, 09 May 2020 10:23:28 +0200
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Ronald Klop" <ronald-lists@klop.ws>
Message-ID: <op.0kcb9emkkndu52@sjakie>
In-Reply-To: <2125B6CE-D25F-4BC8-AB13-89C4D01C7150@me.com>
User-Agent: Opera Mail/12.16 (FreeBSD)
X-Authenticated-As-Hash: 398f5522cb258ce43cb679602f8cfe8b62a256d1
X-Virus-Scanned: by clamav at smarthost1.samage.net
X-Spam-Level: /
X-Spam-Score: -0.2
X-Spam-Status: No, score=-0.2 required=5.0 tests=ALL_TRUSTED,
 BAYES_50 autolearn=disabled version=3.4.2
X-Scan-Signature: 4c1f0696016754537de762f13eb96caa
X-Rspamd-Queue-Id: 49K0Zs0TjYz4RMJ
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of ronald-lists@klop.ws designates
 195.190.28.88 as permitted sender) smtp.mailfrom=ronald-lists@klop.ws
X-Spamd-Result: default: False [-2.50 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[];
 TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:195.190.28.64/27];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain];
 MIME_TRACE(0.00)[0:+]; DMARC_NA(0.00)[klop.ws];
 RCPT_COUNT_FIVE(0.00)[5]; TO_MATCH_ENVRCPT_SOME(0.00)[];
 RCVD_IN_DNSWL_NONE(0.00)[88.28.190.195.list.dnswl.org : 127.0.10.0];
 IP_SCORE(-0.70)[ip: (-0.54), ipnet: 195.190.28.0/24(-0.22), asn: 47172(-2.78),
 country: NL(0.03)]; FREEMAIL_TO(0.00)[me.com];
 FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 RWL_MAILSPIKE_VERYGOOD(0.00)[88.28.190.195.rep.mailspike.net : 127.0.0.19];
 ASN(0.00)[asn:47172, ipnet:195.190.28.0/24, country:NL];
 MID_RHS_NOT_FQDN(0.50)[]; RCVD_TLS_ALL(0.00)[];
 RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.32
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 09 May 2020 08:23:34 -0000

On Sat, 09 May 2020 09:25:29 +0200, Toomas Soome <tsoome@me.com> wrote:

>
>
>> On 9. May 2020, at 09:57, Ronald Klop <ronald-lists@klop.ws> wrote:
>>
>> Hi Toomas,
>>
>> Could this fix this issue  
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=144234 ?
>>
>> Regards,
>> Ronald.
>
>
> I doubt a bit unless you have GELI encryption or 4kn disk (which we can  
> not boot with BIOS, only with UEFI). That issue was reported 2010 agains  
> 9.0? is it still the case?
>
> rgds,
> toomas


Clear answer. I don't use the computer I had this problem with anymore.  
(It is in the attic somewhere,) And the problem disappeared for me in 2017  
(https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=144234#c33). But the  
issue apparently happens for other people in 12.1 still as I read in the  
replies to the issue.

Because of the bogus LBA numbers I suspected some memory corruption. But  
never found further evidence for this.

Regards,
Ronald.


>>
>>
>> On Sat, 09 May 2020 08:25:21 +0200, Toomas Soome <tsoome@freebsd.org>  
>> wrote:
>>
>>> Author: tsoome
>>> Date: Sat May  9 06:25:20 2020
>>> New Revision: 360836
>>> URL: https://svnweb.freebsd.org/changeset/base/360836
>>>
>>> Log:
>>>  loader: vdev_read() can corrupt memory
>>> When reading less than sector size but from sector boundary,
>>>  the vdev_read() will read full sector into the provided buffer
>>>  and therefore corrupting memory past buffer end.
>>> MFC after:	2 days
>>>
>>> Modified:
>>>  head/stand/libsa/zfs/zfs.c
>>>
>>> Modified: head/stand/libsa/zfs/zfs.c
>>> ==============================================================================
>>> --- head/stand/libsa/zfs/zfs.c	Sat May  9 05:04:02 2020	(r360835)
>>> +++ head/stand/libsa/zfs/zfs.c	Sat May  9 06:25:20 2020	(r360836)
>>> @@ -418,7 +418,7 @@ vdev_read(vdev_t *vdev, void *priv, off_t offset,  
>>> void
>>> 		full_sec_size -= secsz;
>>> 	/* Return of partial sector data requires a bounce buffer. */
>>> -	if ((head > 0) || do_tail_read) {
>>> +	if ((head > 0) || do_tail_read || bytes < secsz) {
>>> 		bouncebuf = malloc(secsz);
>>> 		if (bouncebuf == NULL) {
>>> 			printf("vdev_read: out of memory\n");
>>> @@ -442,14 +442,28 @@ vdev_read(vdev_t *vdev, void *priv, off_t  
>>> offset, void
>>> 		outbuf += min(secsz - head, bytes);
>>> 	}
>>> -	/* Full data return from read sectors */
>>> +	/*
>>> +	 * Full data return from read sectors.
>>> +	 * Note, there is still corner case where we read
>>> +	 * from sector boundary, but less than sector size, e.g. reading 512B
>>> +	 * from 4k sector.
>>> +	 */
>>> 	if (full_sec_size > 0) {
>>> -		res = read(fd, outbuf, full_sec_size);
>>> -		if (res != full_sec_size) {
>>> -			ret = EIO;
>>> -			goto error;
>>> +		if (bytes < full_sec_size) {
>>> +			res = read(fd, bouncebuf, secsz);
>>> +			if (res != secsz) {
>>> +				ret = EIO;
>>> +				goto error;
>>> +			}
>>> +			memcpy(outbuf, bouncebuf, bytes);
>>> +		} else {
>>> +			res = read(fd, outbuf, full_sec_size);
>>> +			if (res != full_sec_size) {
>>> +				ret = EIO;
>>> +				goto error;
>>> +			}
>>> +			outbuf += full_sec_size;
>>> 		}
>>> -		outbuf += full_sec_size;
>>> 	}
>>> 	/* Partial data return from last sector */
>>> _______________________________________________
>>> svn-src-all@freebsd.org mailing list
>>> https://lists.freebsd.org/mailman/listinfo/svn-src-all
>>> To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"