From owner-svn-src-all@freebsd.org Sat May 9 12:39:03 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 77FDA2E8720 for ; Sat, 9 May 2020 12:39:03 +0000 (UTC) (envelope-from tsoome@me.com) Received: from st43p00im-ztdg10061801.me.com (st43p00im-ztdg10061801.me.com [17.58.63.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49K6Ff3hyHz3FWC for ; Sat, 9 May 2020 12:39:02 +0000 (UTC) (envelope-from tsoome@me.com) Received: from nazgul.lan (148-52-235-80.sta.estpak.ee [80.235.52.148]) by st43p00im-ztdg10061801.me.com (Postfix) with ESMTPSA id A9E2B8C0AC6; Sat, 9 May 2020 12:38:59 +0000 (UTC) From: Toomas Soome Message-Id: Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\)) Subject: Re: svn commit: r360836 - head/stand/libsa/zfs Date: Sat, 9 May 2020 15:38:57 +0300 In-Reply-To: Cc: src-committers , svn-src-all@freebsd.org, svn-src-head@freebsd.org, Toomas Soome To: Ronald Klop References: <202005090625.0496PLvc091232@repo.freebsd.org> <2125B6CE-D25F-4BC8-AB13-89C4D01C7150@me.com> X-Mailer: Apple Mail (2.3608.80.23.2.2) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.676 definitions=2020-05-09_03:2020-05-08, 2020-05-09 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2002250000 definitions=main-2005090111 X-Rspamd-Queue-Id: 49K6Ff3hyHz3FWC X-Spamd-Bar: -- X-Spamd-Result: default: False [-2.60 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:17.58.0.0/16]; FREEMAIL_FROM(0.00)[me.com]; MV_CASE(0.50)[]; URI_COUNT_ODD(1.00)[13]; RCPT_COUNT_FIVE(0.00)[5]; DKIM_TRACE(0.00)[me.com:+]; DMARC_POLICY_ALLOW(-0.50)[me.com,quarantine]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[me.com]; RCVD_IN_DNSWL_LOW(-0.10)[170.63.58.17.list.dnswl.org : 127.0.5.1]; ASN(0.00)[asn:714, ipnet:17.58.63.0/24, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[148.52.235.80.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[me.com:s=1a1hai]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; IP_SCORE(0.00)[ip: (-5.29), ipnet: 17.58.63.0/24(-1.77), asn: 714(-2.52), country: US(-0.05)]; IP_SCORE_FREEMAIL(0.00)[]; DWL_DNSWL_LOW(-1.00)[me.com.dwl.dnswl.org : 127.0.5.1]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RWL_MAILSPIKE_POSSIBLE(0.00)[170.63.58.17.rep.mailspike.net : 127.0.0.17]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.32 X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.32 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 May 2020 12:39:03 -0000 > On 9. May 2020, at 11:23, Ronald Klop wrote: >=20 > On Sat, 09 May 2020 09:25:29 +0200, Toomas Soome > wrote: >=20 >>=20 >>=20 >>> On 9. May 2020, at 09:57, Ronald Klop wrote: >>>=20 >>> Hi Toomas, >>>=20 >>> Could this fix this issue = https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D144234 ? >>>=20 >>> Regards, >>> Ronald. >>=20 >>=20 >> I doubt a bit unless you have GELI encryption or 4kn disk (which we = can not boot with BIOS, only with UEFI). That issue was reported 2010 = agains 9.0? is it still the case? >>=20 >> rgds, >> toomas >=20 >=20 > Clear answer. I don't use the computer I had this problem with = anymore. (It is in the attic somewhere,) And the problem disappeared for = me in 2017 (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D144234#c33= ). But = the issue apparently happens for other people in 12.1 still as I read in = the replies to the issue. >=20 > Because of the bogus LBA numbers I suspected some memory corruption. = But never found further evidence for this. >=20 > Regards, > Ronald. Ok, We just need to check such errors case by case. We know pretty well = how to debug those, even if the process can be time consuming. rgds, toomas >=20 >=20 >>>=20 >>>=20 >>> On Sat, 09 May 2020 08:25:21 +0200, Toomas Soome = wrote: >>>=20 >>>> Author: tsoome >>>> Date: Sat May 9 06:25:20 2020 >>>> New Revision: 360836 >>>> URL: https://svnweb.freebsd.org/changeset/base/360836 >>>>=20 >>>> Log: >>>> loader: vdev_read() can corrupt memory >>>> When reading less than sector size but from sector boundary, >>>> the vdev_read() will read full sector into the provided buffer >>>> and therefore corrupting memory past buffer end. >>>> MFC after: 2 days >>>>=20 >>>> Modified: >>>> head/stand/libsa/zfs/zfs.c >>>>=20 >>>> Modified: head/stand/libsa/zfs/zfs.c >>>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >>>> --- head/stand/libsa/zfs/zfs.c Sat May 9 05:04:02 2020 = (r360835) >>>> +++ head/stand/libsa/zfs/zfs.c Sat May 9 06:25:20 2020 = (r360836) >>>> @@ -418,7 +418,7 @@ vdev_read(vdev_t *vdev, void *priv, off_t = offset, void >>>> full_sec_size -=3D secsz; >>>> /* Return of partial sector data requires a bounce buffer. */ >>>> - if ((head > 0) || do_tail_read) { >>>> + if ((head > 0) || do_tail_read || bytes < secsz) { >>>> bouncebuf =3D malloc(secsz); >>>> if (bouncebuf =3D=3D NULL) { >>>> printf("vdev_read: out of memory\n"); >>>> @@ -442,14 +442,28 @@ vdev_read(vdev_t *vdev, void *priv, off_t = offset, void >>>> outbuf +=3D min(secsz - head, bytes); >>>> } >>>> - /* Full data return from read sectors */ >>>> + /* >>>> + * Full data return from read sectors. >>>> + * Note, there is still corner case where we read >>>> + * from sector boundary, but less than sector size, e.g. reading = 512B >>>> + * from 4k sector. >>>> + */ >>>> if (full_sec_size > 0) { >>>> - res =3D read(fd, outbuf, full_sec_size); >>>> - if (res !=3D full_sec_size) { >>>> - ret =3D EIO; >>>> - goto error; >>>> + if (bytes < full_sec_size) { >>>> + res =3D read(fd, bouncebuf, secsz); >>>> + if (res !=3D secsz) { >>>> + ret =3D EIO; >>>> + goto error; >>>> + } >>>> + memcpy(outbuf, bouncebuf, bytes); >>>> + } else { >>>> + res =3D read(fd, outbuf, full_sec_size); >>>> + if (res !=3D full_sec_size) { >>>> + ret =3D EIO; >>>> + goto error; >>>> + } >>>> + outbuf +=3D full_sec_size; >>>> } >>>> - outbuf +=3D full_sec_size; >>>> } >>>> /* Partial data return from last sector */ >>>> _______________________________________________ >>>> svn-src-all@freebsd.org mailing list >>>> https://lists.freebsd.org/mailman/listinfo/svn-src-all >>>> To unsubscribe, send any mail to = "svn-src-all-unsubscribe@freebsd.org"