Date: Fri, 11 Nov 2016 15:11:56 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-amd64@FreeBSD.org
Subject: [Bug 214423] dosfs support in libstand is broken since r298230
Message-ID: <bug-214423-6@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214423

Bug ID: 214423
Summary: dosfs support in libstand is broken since r298230
Product: Base System
Version: 11.0-STABLE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: freebsd-bugs@FreeBSD.org
Reporter: Mikhail.Kupchik@gmail.com
CC: freebsd-amd64@FreeBSD.org

Created attachment 176899
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=176899&action=edit
Patch for lib/libstand/dosfs.c

Support for the dosfs filesystem in loader.efi (via libstand) works as expected in FreeBSD 10.3, but is broken since FreeBSD 11.0.

How to reproduce this problem:

# cd ~
# dd if=/dev/zero of=mfsroot bs=1m count=12
# set MDEV=`mdconfig -a -t vnode -f mfsroot`
# newfs -O 1 /dev/$MDEV
# mount /dev/$MDEV /mnt
# mkdir /mnt/dev
# mkdir /mnt/sbin
# cp /rescue/sh /mnt/sbin/init
# umount /mnt
# mdconfig -d -u $MDEV
# dd if=/dev/zero of=testbootfs bs=1m count=128
# set MDEV=`mdconfig -a -t vnode -f testbootfs`
# gpart create -s gpt $MDEV
# gpart add -t efi $MDEV
# newfs_msdos "${MDEV}p1"
# mount -t msdosfs "/dev/${MDEV}p1" /mnt
# mkdir /mnt/boot
# mv mfsroot /mnt/boot/
# cp /boot/kernel/kernel /mnt/boot/kernel
# echo 'set vfs.root.mountfrom="ufs:/dev/md0"' > /mnt/boot/loader.rc
# echo 'load /boot/kernel' >> /mnt/boot/loader.rc
# echo 'load -t mfsroot /boot/mfsroot' >> /mnt/boot/loader.rc
# echo 'boot' >> /mnt/boot/loader.rc
# mkdir -p /mnt/efi/boot
# cp /boot/loader.efi /mnt/efi/boot/bootx64.efi
# umount /mnt
# mdconfig -d -u $MDEV

Then write ~/testbootfs to a USB thumbdrive and attempt to boot from it in UEFI mode.

Expected behavior: normal boot until init.

Actual behavior: when the loader is reading the kernel from disk, the UEFI firmware crashes due to heap corruption.

The problem can be reproduced under 12-CURRENT and 11.0-RELEASE-p2. The problem can't be reproduced under 10.3-RELEASE-p11.

Bisection shows that the problem is related to changes in lib/libstand/dosfs.c made in r298230.

This problem seems to be caused by a long disk read (past the end of the allocated buffer) in lib/libstand/dosfs.c:ioread() or the device strategy functions called in that context.

The attached patch for lib/libstand/dosfs.c fixes this heap corruption (and also simplifies fetching of the next cluster from the FAT cache):

-- 
You are receiving this mail because:
You are on the CC list for the bug.
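The report describes the bug class but the patch itself is not on this page. The following is an added illustration, written for this archive entry and not code from FreeBSD's lib/libstand/dosfs.c or from the reporter's patch: a sector-granular device read (the shape of a libstand strategy routine) can only move whole sectors, so a byte-addressed ioread that hands the caller's buffer straight to the device overruns it whenever the request is not sector-aligned. The hardened helper bounces the partial leading and trailing sectors through a scratch sector, refuses requests larger than the destination, and never writes past the buffer. The in-memory disk, the sector size and all function names are constructed for this example.

```c
/* Added example, not FreeBSD code: bounded byte-addressed reads on top of
 * a whole-sector device read. Disk contents and names are constructed. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECSIZE  512
#define NSECTORS 8

/* Constructed in-memory "disk": every byte of sector n holds the value n. */
static uint8_t disk[NSECTORS * SECSIZE];

void disk_init(void)
{
    for (unsigned s = 0; s < NSECTORS; s++)
        memset(disk + (size_t)s * SECSIZE, (int)s, SECSIZE);
}

/* Sector-granular read, modelled on a strategy routine: the destination must
 * hold nsec * SECSIZE bytes. Returns 0 on success, EIO if out of range. */
static int dev_read(unsigned lba, unsigned nsec, void *dst)
{
    if (lba + nsec < lba || lba + nsec > NSECTORS)
        return EIO;
    memcpy(dst, disk + (size_t)lba * SECSIZE, (size_t)nsec * SECSIZE);
    return 0;
}

/* Bytes a naive implementation would write if it rounded the request out to
 * whole sectors and read them directly into the caller's buffer. Anything
 * above nbytes is the overrun the report's "long disk read" describes. */
size_t whole_sector_span(uint64_t off, size_t nbytes)
{
    uint64_t first = off / SECSIZE;
    uint64_t last  = (off + nbytes + SECSIZE - 1) / SECSIZE;
    return (size_t)((last - first) * SECSIZE);
}

/* Hardened byte-addressed read: exactly nbytes land in buf, nothing is
 * written beyond buf + bufsz, partial sectors go through a scratch sector. */
int ioread_bounded(uint64_t off, void *buf, size_t bufsz, size_t nbytes)
{
    uint8_t *p = buf;
    uint8_t scratch[SECSIZE];
    size_t done = 0;
    int err;

    if (nbytes > bufsz)
        return EINVAL;                    /* request larger than destination */

    size_t head = (size_t)(off % SECSIZE);
    if (head != 0) {                      /* leading partial sector */
        size_t n = SECSIZE - head;
        if (n > nbytes)
            n = nbytes;
        if ((err = dev_read((unsigned)(off / SECSIZE), 1, scratch)) != 0)
            return err;
        memcpy(p, scratch + head, n);
        done += n;
    }

    size_t whole = (nbytes - done) / SECSIZE;
    if (whole != 0) {                     /* aligned middle: direct to buf */
        err = dev_read((unsigned)((off + done) / SECSIZE), (unsigned)whole, p + done);
        if (err != 0)
            return err;
        done += whole * SECSIZE;
    }

    size_t tail = nbytes - done;
    if (tail != 0) {                      /* trailing partial sector */
        err = dev_read((unsigned)((off + done) / SECSIZE), 1, scratch);
        if (err != 0)
            return err;
        memcpy(p + done, scratch, tail);
    }
    return 0;
}

int main(void)
{
    uint8_t buf[600];
    disk_init();
    printf("naive span for 600 bytes at offset 300: %zu bytes\n",
           whole_sector_span(300, 600));
    printf("bounded read: %d\n", ioread_bounded(300, buf, sizeof buf, 600));
    return 0;
}
```

Reading 600 bytes at offset 300 spans two sectors, so the naive span is 1024 bytes against a 600-byte buffer; the bounded helper copies 212 bytes from sector 0 and 388 from sector 1 and leaves the bytes after the buffer untouched.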