From: Alan Somers
Date: Mon, 29 Jan 2018 22:23:31 -0700
Subject: Re: svn commit: r323314 - in head/sbin/geom: class/virstor misc
To: Conrad Meyer
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
In-Reply-To: <201709081508.v88F8IaB085346@repo.freebsd.org>

On Fri, Sep 8, 2017 at 9:08 AM, Conrad Meyer wrote:
> Author: cem
> Date: Fri Sep 8 15:08:17 2017
> New Revision: 323314
> URL: https://svnweb.freebsd.org/changeset/base/323314
>
> Log:
> Audit userspace geom code for leaking memory to disk
>
> Any geom class using g_metadata_store, as well as geom_virstor which
> duplicated g_metadata_store internally, would dump sectorsize - mdsize bytes
> of userspace memory following the metadata block stored. This is most or all
> geom classes (gcache, gconcat, geli, gjournal, glabel, gmirror, gmultipath,
> graid3, gshsec, gstripe, and geom_virstor).
>
> PR: 222077 (comment #3)
> Reported by: Maxim Khitrov
> Reviewed by: des
> Security: yes
> Sponsored by: Dell EMC Isilon
> Differential Revision: https://reviews.freebsd.org/D12269
>
> Modified:
> head/sbin/geom/class/virstor/geom_virstor.c
> head/sbin/geom/misc/subr.c

The problem is real, but the change doesn't completely fix the problem. The problem is that classes don't use g_metadata_store the way you assumed. Instead of the size argument indicating the useful portion of the label, most if not all classes use it to indicate the size of their buffer, and they pass in a buffer that hasn't been bzero()ed. Fixing this bug will require changes to each class. For example, geom_label.c creates a 512B buffer, initializes the first 44 bytes, then calls g_metadata_store with size=512. I'll work on a fix tomorrow.

-Alan
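The caller pattern Alan describes, as an added C model that is not code from the FreeBSD tree: `model_metadata_store` is an assumed stand-in for g_metadata_store (copy `size` bytes, zero-pad the rest of the sector), the 0xAA fill is constructed stale memory, and the 44-byte label length and 512-byte buffer are taken from the reply. The leaky caller passes its whole buffer size, so the zero-padding never covers the uninitialized tail; the fixed caller passes only the initialized length.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SECTORSIZE 512  /* assumed sector size for the model */
#define LABEL_LEN  44   /* bytes geom_label initializes, per the reply */

/* Assumed stand-in for g_metadata_store after r323314: copy `size` bytes
 * of caller metadata into the sector image and zero whatever remains. */
static void model_metadata_store(uint8_t *sector, const void *md, size_t size)
{
    memcpy(sector, md, size);
    memset(sector + size, 0, SECTORSIZE - size);
}

/* Count non-zero bytes past the initialized label in the sector image;
 * anything here is data the caller never meant to write to disk. */
static size_t leaked_bytes(const uint8_t *sector)
{
    size_t n = 0;
    for (size_t i = LABEL_LEN; i < SECTORSIZE; i++)
        if (sector[i] != 0)
            n++;
    return n;
}

/* Caller pattern from the reply: a 512-byte buffer that was never
 * bzero()ed, 44 bytes filled in, size=512 passed. The 0xAA fill is a
 * constructed stand-in for stale process memory. */
size_t store_label_leaky(uint8_t *sector)
{
    uint8_t md[SECTORSIZE];
    memset(md, 0xAA, sizeof md);
    memset(md, 'L', LABEL_LEN);
    model_metadata_store(sector, md, sizeof md); /* zero-pad never runs */
    return leaked_bytes(sector);
}

/* Corrected caller: pass only the initialized length so the store
 * zero-pads the tail (zeroing md before use would also work). */
size_t store_label_fixed(uint8_t *sector)
{
    uint8_t md[SECTORSIZE];
    memset(md, 0xAA, sizeof md);
    memset(md, 'L', LABEL_LEN);
    model_metadata_store(sector, md, LABEL_LEN);
    return leaked_bytes(sector);
}
```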