From owner-svn-src-head@FreeBSD.ORG Tue Feb 17 23:14:27 2015 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1AD0B35D; Tue, 17 Feb 2015 23:14:27 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0675D3C5; Tue, 17 Feb 2015 23:14:27 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t1HNEQ1x000252; Tue, 17 Feb 2015 23:14:26 GMT (envelope-from jmg@FreeBSD.org) Received: (from jmg@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t1HNEQVs000251; Tue, 17 Feb 2015 23:14:26 GMT (envelope-from jmg@FreeBSD.org) Message-Id: <201502172314.t1HNEQVs000251@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: jmg set sender to jmg@FreeBSD.org using -f From: John-Mark Gurney Date: Tue, 17 Feb 2015 23:14:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r278927 - head/sys/dev/random X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Feb 2015 23:14:27 -0000 Author: jmg Date: Tue Feb 17 23:14:26 2015 New Revision: 278927 URL: https://svnweb.freebsd.org/changeset/base/278927 Log: Fix a bug where this function overflowed it's buffer... This was causing ZFS panics on boot... This is purely reviewed and tested by peter. Reviewed by: peter Approved by: so (implicit), peter Modified: head/sys/dev/random/yarrow.c Modified: head/sys/dev/random/yarrow.c ============================================================================== --- head/sys/dev/random/yarrow.c Tue Feb 17 23:13:45 2015 (r278926) +++ head/sys/dev/random/yarrow.c Tue Feb 17 23:14:26 2015 (r278927) @@ -432,6 +432,7 @@ reseed(u_int fastslow) void random_yarrow_read(uint8_t *buf, u_int bytecount) { + uint8_t tbuf[BLOCKSIZE]; u_int blockcount, i; /* Check for initial/final read requests */ @@ -448,8 +449,15 @@ random_yarrow_read(uint8_t *buf, u_int b yarrow_state.outputblocks = 0; } uint128_increment(&yarrow_state.counter.whole); - randomdev_encrypt(&yarrow_state.key, yarrow_state.counter.byte, buf, BLOCKSIZE); - buf += BLOCKSIZE; + if ((i + 1) * BLOCKSIZE > bytecount) { + randomdev_encrypt(&yarrow_state.key, + yarrow_state.counter.byte, tbuf, BLOCKSIZE); + memcpy(buf, tbuf, bytecount - i * BLOCKSIZE); + } else { + randomdev_encrypt(&yarrow_state.key, + yarrow_state.counter.byte, buf, BLOCKSIZE); + buf += BLOCKSIZE; + } } mtx_unlock(&random_reseed_mtx);