Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 2 Aug 2012 15:05:34 +0000 (UTC)
From:      Jaakko Heinonen <jh@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r238991 - head/sys/dev/md
Message-ID:  <201208021505.q72F5Y8j093930@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jh
Date: Thu Aug  2 15:05:34 2012
New Revision: 238991
URL: http://svn.freebsd.org/changeset/base/238991

Log:
  Disallow sectorsize larger than MAXPHYS and mediasize smaller than
  sectorsize.
  
  PR:		169947
  Submitted by:	Filip Palian (original version)
  Reviewed by:	kib

Modified:
  head/sys/dev/md/md.c

Modified: head/sys/dev/md/md.c
==============================================================================
--- head/sys/dev/md/md.c	Thu Aug  2 13:57:49 2012	(r238990)
+++ head/sys/dev/md/md.c	Thu Aug  2 15:05:34 2012	(r238991)
@@ -1090,7 +1090,7 @@ mdresize(struct md_s *sc, struct md_ioct
 	case MD_VNODE:
 		break;
 	case MD_SWAP:
-		if (mdio->md_mediasize == 0 ||
+		if (mdio->md_mediasize <= 0 ||
 		    (mdio->md_mediasize % PAGE_SIZE) != 0)
 			return (EDOM);
 		oldpages = OFF_TO_IDX(round_page(sc->mediasize));
@@ -1148,7 +1148,7 @@ mdcreate_swap(struct md_s *sc, struct md
 	 * Range check.  Disallow negative sizes or any size less then the
 	 * size of a page.  Then round to a page.
 	 */
-	if (sc->mediasize == 0 || (sc->mediasize % PAGE_SIZE) != 0)
+	if (sc->mediasize <= 0 || (sc->mediasize % PAGE_SIZE) != 0)
 		return (EDOM);
 
 	/*
@@ -1189,6 +1189,7 @@ xmdctlioctl(struct cdev *dev, u_long cmd
 	struct md_ioctl *mdio;
 	struct md_s *sc;
 	int error, i;
+	unsigned sectsize;
 
 	if (md_debug)
 		printf("mdctlioctl(%s %lx %p %x %p)\n",
@@ -1217,6 +1218,12 @@ xmdctlioctl(struct cdev *dev, u_long cmd
 		default:
 			return (EINVAL);
 		}
+		if (mdio->md_sectorsize == 0)
+			sectsize = DEV_BSIZE;
+		else
+			sectsize = mdio->md_sectorsize;
+		if (sectsize > MAXPHYS || mdio->md_mediasize < sectsize)
+			return (EINVAL);
 		if (mdio->md_options & MD_AUTOUNIT)
 			sc = mdnew(-1, &error, mdio->md_type);
 		else {
@@ -1229,10 +1236,7 @@ xmdctlioctl(struct cdev *dev, u_long cmd
 		if (mdio->md_options & MD_AUTOUNIT)
 			mdio->md_unit = sc->unit;
 		sc->mediasize = mdio->md_mediasize;
-		if (mdio->md_sectorsize == 0)
-			sc->sectorsize = DEV_BSIZE;
-		else
-			sc->sectorsize = mdio->md_sectorsize;
+		sc->sectorsize = sectsize;
 		error = EDOOFUS;
 		switch (sc->type) {
 		case MD_MALLOC:
@@ -1282,6 +1286,8 @@ xmdctlioctl(struct cdev *dev, u_long cmd
 		sc = mdfind(mdio->md_unit);
 		if (sc == NULL)
 			return (ENOENT);
+		if (mdio->md_mediasize < sc->sectorsize)
+			return (EINVAL);
 		if (mdio->md_mediasize < sc->mediasize &&
 		    !(sc->flags & MD_FORCE) &&
 		    !(mdio->md_options & MD_FORCE))



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201208021505.q72F5Y8j093930>