From owner-svn-src-head@freebsd.org Sun Feb 4 14:49:57 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 54B4AED9CA4; Sun, 4 Feb 2018 14:49:57 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E701182932; Sun, 4 Feb 2018 14:49:56 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D2A921B816; Sun, 4 Feb 2018 14:49:56 +0000 (UTC) (envelope-from asomers@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w14Enu1N062349; Sun, 4 Feb 2018 14:49:56 GMT (envelope-from asomers@FreeBSD.org) Received: (from asomers@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w14EntCw062339; Sun, 4 Feb 2018 14:49:55 GMT (envelope-from asomers@FreeBSD.org) Message-Id: <201802041449.w14EntCw062339@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: asomers set sender to asomers@FreeBSD.org using -f From: Alan Somers Date: Sun, 4 Feb 2018 14:49:55 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r328849 - in head: sbin/geom/class/cache sbin/geom/class/concat sbin/geom/class/journal sbin/geom/class/label sbin/geom/class/mirror sbin/geom/class/raid3 sbin/geom/class/shsec sbin/geo... X-SVN-Group: head X-SVN-Commit-Author: asomers X-SVN-Commit-Paths: in head: sbin/geom/class/cache sbin/geom/class/concat sbin/geom/class/journal sbin/geom/class/label sbin/geom/class/mirror sbin/geom/class/raid3 sbin/geom/class/shsec sbin/geom/class/stripe sbin/geom/... X-SVN-Commit-Revision: 328849 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Feb 2018 14:49:57 -0000 Author: asomers Date: Sun Feb 4 14:49:55 2018 New Revision: 328849 URL: https://svnweb.freebsd.org/changeset/base/328849 Log: geom: don't write stack garbage in disk labels Most consumers of g_metadata_store were passing in partially unallocated memory, resulting in stack garbage being written to disk labels. Fix them by zeroing the memory first. gvirstor repeated the same mistake, but in the kernel. Also, glabel's label contained a fixed-size string that wasn't initialized to zero. PR: 222077 Reported by: Maxim Khitrov Reviewed by: cem MFC after: 3 weeks X-MFC-With: 323314 X-MFC-With: 323338 Differential Revision: https://reviews.freebsd.org/D14164 Modified: head/sbin/geom/class/cache/geom_cache.c head/sbin/geom/class/concat/geom_concat.c head/sbin/geom/class/journal/geom_journal.c head/sbin/geom/class/label/geom_label.c head/sbin/geom/class/mirror/geom_mirror.c head/sbin/geom/class/raid3/geom_raid3.c head/sbin/geom/class/shsec/geom_shsec.c head/sbin/geom/class/stripe/geom_stripe.c head/sbin/geom/misc/subr.c head/sys/geom/virstor/g_virstor.c Modified: head/sbin/geom/class/cache/geom_cache.c ============================================================================== --- head/sbin/geom/class/cache/geom_cache.c Sun Feb 4 14:27:12 2018 (r328848) +++ head/sbin/geom/class/cache/geom_cache.c Sun Feb 4 14:49:55 2018 (r328849) @@ -137,6 +137,7 @@ cache_label(struct gctl_req *req) int error, nargs; intmax_t val; + bzero(sector, sizeof(sector)); nargs = gctl_get_int(req, "nargs"); if (nargs != 2) { gctl_error(req, "Invalid number of arguments."); Modified: head/sbin/geom/class/concat/geom_concat.c ============================================================================== --- head/sbin/geom/class/concat/geom_concat.c Sun Feb 4 14:27:12 2018 (r328848) +++ head/sbin/geom/class/concat/geom_concat.c Sun Feb 4 14:49:55 2018 (r328849) @@ -119,6 +119,7 @@ concat_label(struct gctl_req *req) const char *name; int error, i, hardcode, nargs; + bzero(sector, sizeof(sector)); nargs = gctl_get_int(req, "nargs"); if (nargs < 2) { gctl_error(req, "Too few arguments."); Modified: head/sbin/geom/class/journal/geom_journal.c ============================================================================== --- head/sbin/geom/class/journal/geom_journal.c Sun Feb 4 14:27:12 2018 (r328848) +++ head/sbin/geom/class/journal/geom_journal.c Sun Feb 4 14:49:55 2018 (r328849) @@ -144,6 +144,7 @@ journal_label(struct gctl_req *req) intmax_t jsize, msize, ssize; int error, force, i, nargs, checksum, hardcode; + bzero(sector, sizeof(sector)); nargs = gctl_get_int(req, "nargs"); str = NULL; /* gcc */ Modified: head/sbin/geom/class/label/geom_label.c ============================================================================== --- head/sbin/geom/class/label/geom_label.c Sun Feb 4 14:27:12 2018 (r328848) +++ head/sbin/geom/class/label/geom_label.c Sun Feb 4 14:49:55 2018 (r328849) @@ -125,6 +125,7 @@ label_label(struct gctl_req *req) u_char sector[512]; int error, nargs; + bzero(sector, sizeof(sector)); nargs = gctl_get_int(req, "nargs"); if (nargs != 2) { gctl_error(req, "Invalid number of arguments."); @@ -145,6 +146,7 @@ label_label(struct gctl_req *req) strlcpy(md.md_magic, G_LABEL_MAGIC, sizeof(md.md_magic)); md.md_version = G_LABEL_VERSION; label = gctl_get_ascii(req, "arg0"); + bzero(md.md_label, sizeof(md.md_label)); strlcpy(md.md_label, label, sizeof(md.md_label)); md.md_provsize = g_get_mediasize(name); if (md.md_provsize == 0) { Modified: head/sbin/geom/class/mirror/geom_mirror.c ============================================================================== --- head/sbin/geom/class/mirror/geom_mirror.c Sun Feb 4 14:27:12 2018 (r328848) +++ head/sbin/geom/class/mirror/geom_mirror.c Sun Feb 4 14:49:55 2018 (r328849) @@ -188,6 +188,7 @@ mirror_label(struct gctl_req *req) intmax_t val; int error, i, nargs, bal, hardcode; + bzero(sector, sizeof(sector)); nargs = gctl_get_int(req, "nargs"); if (nargs < 2) { gctl_error(req, "Too few arguments."); Modified: head/sbin/geom/class/raid3/geom_raid3.c ============================================================================== --- head/sbin/geom/class/raid3/geom_raid3.c Sun Feb 4 14:27:12 2018 (r328848) +++ head/sbin/geom/class/raid3/geom_raid3.c Sun Feb 4 14:49:55 2018 (r328849) @@ -151,6 +151,7 @@ raid3_label(struct gctl_req *req) int hardcode, round_robin, verify; int error, i, nargs; + bzero(sector, sizeof(sector)); nargs = gctl_get_int(req, "nargs"); if (nargs < 4) { gctl_error(req, "Too few arguments."); Modified: head/sbin/geom/class/shsec/geom_shsec.c ============================================================================== --- head/sbin/geom/class/shsec/geom_shsec.c Sun Feb 4 14:27:12 2018 (r328848) +++ head/sbin/geom/class/shsec/geom_shsec.c Sun Feb 4 14:49:55 2018 (r328849) @@ -112,6 +112,7 @@ shsec_label(struct gctl_req *req) const char *name; int error, i, nargs, hardcode; + bzero(sector, sizeof(sector)); nargs = gctl_get_int(req, "nargs"); if (nargs <= 2) { gctl_error(req, "Too few arguments."); Modified: head/sbin/geom/class/stripe/geom_stripe.c ============================================================================== --- head/sbin/geom/class/stripe/geom_stripe.c Sun Feb 4 14:27:12 2018 (r328848) +++ head/sbin/geom/class/stripe/geom_stripe.c Sun Feb 4 14:49:55 2018 (r328849) @@ -130,6 +130,7 @@ stripe_label(struct gctl_req *req) const char *name; int error, i, nargs, hardcode; + bzero(sector, sizeof(sector)); nargs = gctl_get_int(req, "nargs"); if (nargs < 3) { gctl_error(req, "Too few arguments."); Modified: head/sbin/geom/misc/subr.c ============================================================================== --- head/sbin/geom/misc/subr.c Sun Feb 4 14:27:12 2018 (r328848) +++ head/sbin/geom/misc/subr.c Sun Feb 4 14:49:55 2018 (r328849) @@ -273,6 +273,13 @@ out: return (error); } +/* + * Actually write the GEOM label to the provider + * + * @param name GEOM provider's name (ie "ada0") + * @param md Pointer to the label data to write + * @param size Size of the data pointed to by md + */ int g_metadata_store(const char *name, const unsigned char *md, size_t size) { Modified: head/sys/geom/virstor/g_virstor.c ============================================================================== --- head/sys/geom/virstor/g_virstor.c Sun Feb 4 14:27:12 2018 (r328848) +++ head/sys/geom/virstor/g_virstor.c Sun Feb 4 14:49:55 2018 (r328849) @@ -1042,6 +1042,7 @@ write_metadata(struct g_consumer *cp, struct g_virstor pp = cp->provider; buf = malloc(pp->sectorsize, M_GVIRSTOR, M_WAITOK); + bzero(buf, pp->sectorsize); virstor_metadata_encode(md, buf); g_topology_unlock(); error = g_write_data(cp, pp->mediasize - pp->sectorsize, buf,