Date: Wed, 9 Jun 2021 16:16:44 GMT
Message-Id: <202106091616.159GGiCe044446@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: David Bright
Subject: git: 80a5d786a3cd - stable/12 - libsa: Fix infinite loop in bzipfs & gzipfs

The branch stable/12 has been updated by dab:

URL: https://cgit.FreeBSD.org/src/commit/?id=80a5d786a3cdee6b6d2dbf6c2d8037a19d2fd9be

commit 80a5d786a3cdee6b6d2dbf6c2d8037a19d2fd9be
Author:     David Bright
AuthorDate: 2021-05-24 17:12:15 +0000
Commit:     David Bright
CommitDate: 2021-06-09 16:15:33 +0000

    libsa: Fix infinite loop in bzipfs & gzipfs

    A bug in the loader's bzipfs & gzipfs filesystems caused compressed
    kernel and modules not to work on EFI systems with a veriexec-enabled
    loader. Since the size of files in these filesystems is not known
    _a priori_, `stat` would initialize the size to -1 and the loader would
    then hang in an infinite loop while trying to seek (read) to the end of
    file since the loop termination condition compares the current offset
    to that negative target position.

    Sponsored by:   Dell EMC Isilon

    (cherry picked from commit 3df4c387d2e3ca4c2391fb837540b048f60a11c2)
---
 stand/libsa/bzipfs.c | 3 +++
 stand/libsa/gzipfs.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/stand/libsa/bzipfs.c b/stand/libsa/bzipfs.c index 47380ae72e5e..bb67bda2aa19 100644 --- a/stand/libsa/bzipfs.c +++ b/stand/libsa/bzipfs.c
@@ -340,6 +340,9 @@ bzf_seek(struct open_file *f, off_t offset, int where) target - bzf->bzf_bzstream.total_out_lo32), NULL); if (errno) return(-1); + /* Break out of loop if end of file has been reached. */ + if (bzf->bzf_endseen) + break; } /* This is where we are (be honest if we overshot) */ return(bzf->bzf_bzstream.total_out_lo32); diff --git a/stand/libsa/gzipfs.c b/stand/libsa/gzipfs.c index 39e2f98eb1e0..8154b0f95a9a 100644 --- a/stand/libsa/gzipfs.c +++ b/stand/libsa/gzipfs.c @@ -315,6 +315,9 @@ zf_seek(struct open_file *f, off_t offset, int where) target - zf->zf_zstream.total_out), NULL); if (errno) return(-1); + /* Break out of loop if end of file has been reached. */ + if (zf->zf_endseen) + break; } /* This is where we are (be honest if we overshot) */ return(zf->zf_zstream.total_out);
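
Review bot: In the bzipfs.c hunk for bzf_seek, the new `break` on `bzf->bzf_endseen` falls through to `return(bzf->bzf_bzstream.total_out_lo32)`, which can now be short of the requested target, while the comment above that return still only says "be honest if we overshot". Suggest updating the comment to cover stopping at end of file, and documenting that callers must compare the returned offset with the one they asked for, because a seek that stops early is not reported as an error.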
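
Review bot: In the gzipfs.c hunk for zf_seek, the added `zf->zf_endseen` check ends the loop only once the stream has been read to its end, and the read length on the line above is still derived from `target - zf->zf_zstream.total_out`, which is negative on every pass when target comes from the size of -1 that the commit message describes. Consider rejecting a negative target before the loop, or handling the unknown-size case explicitly, so that termination does not depend on reaching end of stream; the same point applies to the identical change in bzf_seek.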