Date: Sat, 9 May 2020 15:38:57 +0300 From: Toomas Soome <tsoome@me.com> To: Ronald Klop <ronald-lists@klop.ws> Cc: src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org, Toomas Soome <tsoome@freebsd.org> Subject: Re: svn commit: r360836 - head/stand/libsa/zfs Message-ID: <B2E78856-6502-49DA-94EC-C9479F9B8214@me.com> In-Reply-To: <op.0kcb9emkkndu52@sjakie> References: <202005090625.0496PLvc091232@repo.freebsd.org> <op.0kb8afh7kndu52@sjakie> <2125B6CE-D25F-4BC8-AB13-89C4D01C7150@me.com> <op.0kcb9emkkndu52@sjakie>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 9. May 2020, at 11:23, Ronald Klop <ronald-lists@klop.ws> wrote: >=20 > On Sat, 09 May 2020 09:25:29 +0200, Toomas Soome <tsoome@me.com = <mailto:tsoome@me.com>> wrote: >=20 >>=20 >>=20 >>> On 9. May 2020, at 09:57, Ronald Klop <ronald-lists@klop.ws> wrote: >>>=20 >>> Hi Toomas, >>>=20 >>> Could this fix this issue = https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D144234 ? >>>=20 >>> Regards, >>> Ronald. >>=20 >>=20 >> I doubt a bit unless you have GELI encryption or 4kn disk (which we = can not boot with BIOS, only with UEFI). That issue was reported 2010 = agains 9.0? is it still the case? >>=20 >> rgds, >> toomas >=20 >=20 > Clear answer. I don't use the computer I had this problem with = anymore. (It is in the attic somewhere,) And the problem disappeared for = me in 2017 (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D144234#c33= <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D144234#c33>). But = the issue apparently happens for other people in 12.1 still as I read in = the replies to the issue. >=20 > Because of the bogus LBA numbers I suspected some memory corruption. = But never found further evidence for this. >=20 > Regards, > Ronald. Ok, We just need to check such errors case by case. We know pretty well = how to debug those, even if the process can be time consuming. rgds, toomas >=20 >=20 >>>=20 >>>=20 >>> On Sat, 09 May 2020 08:25:21 +0200, Toomas Soome = <tsoome@freebsd.org> wrote: >>>=20 >>>> Author: tsoome >>>> Date: Sat May 9 06:25:20 2020 >>>> New Revision: 360836 >>>> URL: https://svnweb.freebsd.org/changeset/base/360836 >>>>=20 >>>> Log: >>>> loader: vdev_read() can corrupt memory >>>> When reading less than sector size but from sector boundary, >>>> the vdev_read() will read full sector into the provided buffer >>>> and therefore corrupting memory past buffer end. >>>> MFC after: 2 days >>>>=20 >>>> Modified: >>>> head/stand/libsa/zfs/zfs.c >>>>=20 >>>> Modified: head/stand/libsa/zfs/zfs.c >>>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >>>> --- head/stand/libsa/zfs/zfs.c Sat May 9 05:04:02 2020 = (r360835) >>>> +++ head/stand/libsa/zfs/zfs.c Sat May 9 06:25:20 2020 = (r360836) >>>> @@ -418,7 +418,7 @@ vdev_read(vdev_t *vdev, void *priv, off_t = offset, void >>>> full_sec_size -=3D secsz; >>>> /* Return of partial sector data requires a bounce buffer. */ >>>> - if ((head > 0) || do_tail_read) { >>>> + if ((head > 0) || do_tail_read || bytes < secsz) { >>>> bouncebuf =3D malloc(secsz); >>>> if (bouncebuf =3D=3D NULL) { >>>> printf("vdev_read: out of memory\n"); >>>> @@ -442,14 +442,28 @@ vdev_read(vdev_t *vdev, void *priv, off_t = offset, void >>>> outbuf +=3D min(secsz - head, bytes); >>>> } >>>> - /* Full data return from read sectors */ >>>> + /* >>>> + * Full data return from read sectors. >>>> + * Note, there is still corner case where we read >>>> + * from sector boundary, but less than sector size, e.g. reading = 512B >>>> + * from 4k sector. >>>> + */ >>>> if (full_sec_size > 0) { >>>> - res =3D read(fd, outbuf, full_sec_size); >>>> - if (res !=3D full_sec_size) { >>>> - ret =3D EIO; >>>> - goto error; >>>> + if (bytes < full_sec_size) { >>>> + res =3D read(fd, bouncebuf, secsz); >>>> + if (res !=3D secsz) { >>>> + ret =3D EIO; >>>> + goto error; >>>> + } >>>> + memcpy(outbuf, bouncebuf, bytes); >>>> + } else { >>>> + res =3D read(fd, outbuf, full_sec_size); >>>> + if (res !=3D full_sec_size) { >>>> + ret =3D EIO; >>>> + goto error; >>>> + } >>>> + outbuf +=3D full_sec_size; >>>> } >>>> - outbuf +=3D full_sec_size; >>>> } >>>> /* Partial data return from last sector */ >>>> _______________________________________________ >>>> svn-src-all@freebsd.org mailing list >>>> https://lists.freebsd.org/mailman/listinfo/svn-src-all >>>> To unsubscribe, send any mail to = "svn-src-all-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B2E78856-6502-49DA-94EC-C9479F9B8214>