From owner-svn-src-head@freebsd.org Tue Apr 18 15:43:48 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A4014D4465B; Tue, 18 Apr 2017 15:43:48 +0000 (UTC) (envelope-from tsoome@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5A7E7C1D; Tue, 18 Apr 2017 15:43:48 +0000 (UTC) (envelope-from tsoome@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v3IFhlQ3066344; Tue, 18 Apr 2017 15:43:47 GMT (envelope-from tsoome@FreeBSD.org) Received: (from tsoome@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v3IFhlkQ066343; Tue, 18 Apr 2017 15:43:47 GMT (envelope-from tsoome@FreeBSD.org) Message-Id: <201704181543.v3IFhlkQ066343@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: tsoome set sender to tsoome@FreeBSD.org using -f From: Toomas Soome Date: Tue, 18 Apr 2017 15:43:47 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r317092 - head/sys/boot/zfs X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Apr 2017 15:43:48 -0000 Author: tsoome Date: Tue Apr 18 15:43:47 2017 New Revision: 317092 URL: https://svnweb.freebsd.org/changeset/base/317092 Log: loader: zfs reader vdev_probe should check for minimum device size The smallest device we can have in the pool is 64MB, since we are trying to walk all four labels to find the most up to date uberblock, this limit will also give us good method to check if we even should attempt to probe. Enforcing the check also will make sure we are not getting wrapped while calculating the label offset. Also, after label check, we should verify if we actually got any UB or not. PR: 218473 Reported by: Masachika ISHIZUKA Reviewed by: allanjude Differential Revision: https://reviews.freebsd.org/D10381 Modified: head/sys/boot/zfs/zfsimpl.c Modified: head/sys/boot/zfs/zfsimpl.c ============================================================================== --- head/sys/boot/zfs/zfsimpl.c Tue Apr 18 15:36:13 2017 (r317091) +++ head/sys/boot/zfs/zfsimpl.c Tue Apr 18 15:43:47 2017 (r317092) @@ -929,7 +929,7 @@ vdev_probe(vdev_phys_read_t *_read, void { vdev_t vtmp; vdev_phys_t *vdev_label = (vdev_phys_t *) zap_scratch; - vdev_phys_t *tmp_label = zfs_alloc(sizeof(vdev_phys_t)); + vdev_phys_t *tmp_label; spa_t *spa; vdev_t *vdev, *top_vdev, *pool_vdev; off_t off; @@ -957,6 +957,12 @@ vdev_probe(vdev_phys_read_t *_read, void psize = P2ALIGN(ldi_get_size(read_priv), (uint64_t)sizeof (vdev_label_t)); + /* Test for minimum pool size. */ + if (psize < SPA_MINDEVSIZE) + return (EIO); + + tmp_label = zfs_alloc(sizeof(vdev_phys_t)); + for (l = 0; l < VDEV_LABELS; l++) { off = vdev_label_offset(psize, l, offsetof(vdev_label_t, vl_vdev_phys)); @@ -988,6 +994,9 @@ vdev_probe(vdev_phys_read_t *_read, void zfs_free(tmp_label, sizeof (vdev_phys_t)); + if (best_txg == 0) + return (EIO); + if (vdev_label->vp_nvlist[0] != NV_ENCODE_XDR) return (EIO);