From owner-svn-src-head@freebsd.org  Sat Jun 16 15:16:04 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1CD311019341;
 Sat, 16 Jun 2018 15:16:04 +0000 (UTC)
 (envelope-from allanjude@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id B280884B53;
 Sat, 16 Jun 2018 15:16:03 +0000 (UTC)
 (envelope-from allanjude@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 706F327FFB;
 Sat, 16 Jun 2018 15:16:03 +0000 (UTC)
 (envelope-from allanjude@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w5GFG38U017899;
 Sat, 16 Jun 2018 15:16:03 GMT (envelope-from allanjude@FreeBSD.org)
Received: (from allanjude@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w5GFG33p017898;
 Sat, 16 Jun 2018 15:16:03 GMT (envelope-from allanjude@FreeBSD.org)
Message-Id: <201806161516.w5GFG33p017898@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: allanjude set sender to
 allanjude@FreeBSD.org using -f
From: Allan Jude <allanjude@FreeBSD.org>
Date: Sat, 16 Jun 2018 15:16:03 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r335254 - in head/stand/i386: libi386 zfsboot
X-SVN-Group: head
X-SVN-Commit-Author: allanjude
X-SVN-Commit-Paths: in head/stand/i386: libi386 zfsboot
X-SVN-Commit-Revision: 335254
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Jun 2018 15:16:04 -0000

Author: allanjude
Date: Sat Jun 16 15:16:02 2018
New Revision: 335254
URL: https://svnweb.freebsd.org/changeset/base/335254

Log:
  Avoid reading past the end of the disk in zfsboot.c and biosdisk.c
  
  The GELI boot code rounds reads up to 4k, since the encrypted sectors are
  4k, and must be decrypted as a unit. With oddball sized disks (almost
  always virtual), this can lead to reading past the end of the disk.
  
  Reviewed by:	imp, tsoome
  Sponsored by:	Klara Systems
  Differential Revision:	https://reviews.freebsd.org/D15844

Modified:
  head/stand/i386/libi386/biosdisk.c
  head/stand/i386/zfsboot/zfsboot.c

Modified: head/stand/i386/libi386/biosdisk.c
==============================================================================
--- head/stand/i386/libi386/biosdisk.c	Sat Jun 16 15:05:05 2018	(r335253)
+++ head/stand/i386/libi386/biosdisk.c	Sat Jun 16 15:16:02 2018	(r335254)
@@ -882,6 +882,12 @@ bd_read(struct disk_devdesc *dev, daddr_t dblk, int bl
 			}
 		}
 
+		if (alignlba + alignblks > BD(dev).bd_sectors) {
+			DEBUG("Shorted read at %llu from %d to %llu blocks",
+			    alignlba, alignblks, BD(dev).bd_sectors - alignlba);
+			alignblks = BD(dev).bd_sectors - alignlba;
+		}
+
 		err = bd_io(dev, alignlba, alignblks, tmpbuf, 0);
 		if (err)
 			return (err);

Modified: head/stand/i386/zfsboot/zfsboot.c
==============================================================================
--- head/stand/i386/zfsboot/zfsboot.c	Sat Jun 16 15:05:05 2018	(r335253)
+++ head/stand/i386/zfsboot/zfsboot.c	Sat Jun 16 15:16:02 2018	(r335254)
@@ -209,6 +209,12 @@ vdev_read(void *xvdev, void *priv, off_t off, void *bu
 		alignnb = roundup2(nb * DEV_BSIZE + diff, DEV_GELIBOOT_BSIZE)
 		    / DEV_BSIZE;
 
+		if (dsk->size > 0 && alignlba + alignnb > dsk->size + dsk->start) {
+			printf("Shortening read at %lld from %d to %lld\n", alignlba,
+			    alignnb, (dsk->size + dsk->start) - alignlba);
+			alignnb = (dsk->size + dsk->start) - alignlba;
+		}
+
 		if (drvread(dsk, dmadat->rdbuf, alignlba, alignnb))
 			return -1;
 #ifdef LOADER_GELI_SUPPORT
@@ -694,7 +700,7 @@ main(void)
     dsk->slice = *(uint8_t *)PTOV(ARGS + 1) + 1;
     dsk->part = 0;
     dsk->start = 0;
-    dsk->size = 0;
+    dsk->size = drvsize_ext(dsk);
 
     bootinfo.bi_version = BOOTINFO_VERSION;
     bootinfo.bi_size = sizeof(bootinfo);
@@ -745,7 +751,7 @@ main(void)
 	dsk->slice = 0;
 	dsk->part = 0;
 	dsk->start = 0;
-	dsk->size = 0;
+	dsk->size = drvsize_ext(dsk);
 	probe_drive(dsk);
     }