Date: Tue, 22 Aug 2023 09:39:12 GMT
Message-Id: <202308220939.37M9dCn2040666@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Zhenlei Huang
Subject: git: c941b82e1c31 - main - geom_linux_lvm: Check the offset of physical volume header
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: zlei
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: c941b82e1c31a67a025c43cc7bd31f269fa62588

The branch main has been updated by zlei:

URL: https://cgit.FreeBSD.org/src/commit/?id=c941b82e1c31a67a025c43cc7bd31f269fa62588

commit c941b82e1c31a67a025c43cc7bd31f269fa62588
Author:     Zhenlei Huang
AuthorDate: 2023-08-22 09:20:10 +0000
Commit:     Zhenlei Huang
CommitDate: 2023-08-22 09:20:10 +0000

    geom_linux_lvm: Check the offset of physical volume header

    The LVM label is stored on any of the first four sectors, and the PV
    (physical volume) header is stored within the same sector following the
    LVM label. The current implementation does not fully check the offset of
    the PV header; when attaching a badly formatted LVM PV, the kernel may
    crash due to an out-of-bounds memory read.

    PR:             266562
    Reviewed by:    jhb
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D36773
---
 sys/geom/linux_lvm/g_linux_lvm.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/sys/geom/linux_lvm/g_linux_lvm.c b/sys/geom/linux_lvm/g_linux_lvm.c
index 2e4bbcaa045a..dddc3ae9184e 100644
--- a/sys/geom/linux_lvm/g_linux_lvm.c
+++ b/sys/geom/linux_lvm/g_linux_lvm.c
@@ -67,7 +67,8 @@ static int g_llvm_read_label(struct g_consumer *, struct g_llvm_label *); static int g_llvm_read_md(struct g_consumer *, struct g_llvm_metadata *, struct g_llvm_label *); -static int llvm_label_decode(const u_char *, struct g_llvm_label *, int); +static int llvm_label_decode(const u_char *, struct g_llvm_label *, + int, u_int); static int llvm_md_decode(const u_char *, struct g_llvm_metadata *, struct g_llvm_label *); static int llvm_textconf_decode(u_char *, int, @@ -637,7 +638,8 @@ g_llvm_read_label(struct g_consumer *cp, struct g_llvm_label *ll) /* Search the four sectors for the LVM label. */ for (i = 0; i < 4; i++) { - error = llvm_label_decode(&buf[i * pp->sectorsize], ll, i); + error = llvm_label_decode(&buf[i * pp->sectorsize], ll, i, + pp->sectorsize); if (error == 0) break; /* found it */ } @@ -703,7 +705,8 @@ g_llvm_read_md(struct g_consumer *cp, struct g_llvm_metadata *md, } static int -llvm_label_decode(const u_char *data, struct g_llvm_label *ll, int sector) +llvm_label_decode(const u_char *data, struct g_llvm_label *ll, int sector, + u_int sectorsize) { uint64_t off; char *uuid; @@ -728,6 +731,13 @@ llvm_label_decode(const u_char *data, struct g_llvm_label *ll, int sector) return (EINVAL); } + /* XXX The minimal possible size of physical volume header is 88 */ + if (ll->ll_offset < 32 || ll->ll_offset > sectorsize - 88) { + G_LLVM_DEBUG(0, "Invalid physical volume header offset %u", + ll->ll_offset); + return (EINVAL); + } + off = ll->ll_offset; /* * convert the binary uuid to string format, the format is
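
Review bot: In the g_llvm_read_label() hunk, the new EINVAL for a bad PV header offset is handled like every other decode failure, because the loop only tests "if (error == 0) break;". A sector that passes the earlier checks in llvm_label_decode() but carries an out-of-range offset is therefore skipped, apart from the level-0 debug message, and one of the remaining sectors can still be accepted. If that is the intended behaviour, a comment at the loop or a sentence in the commit message should say so; otherwise consider ending the search once a label has been recognised and then rejected.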
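
Review bot: In the new bounds check in llvm_label_decode(), "sectorsize - 88" is evaluated in u_int, so a sectorsize below 88 would wrap the upper bound to a very large value and let any ll_offset through; rejecting a sectorsize smaller than 32 + 88 before the comparison closes that case. The literals 32 and 88 would read better as named constants or sizeof expressions, and the lower bound of 32 has no comment while 88 does. Since the comment is tagged XXX and 88 is only the minimal header size, anything read past those 88 bytes after "off = ll->ll_offset" still needs its own bound against sectorsize.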
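
The layout described in the commit message (label in one of the first four sectors, PV header later in the same sector) can be validated in userspace as below. This is an added example, not code from the FreeBSD tree: it assumes the LVM2 on-disk label format (8-byte "LABELONE" magic at byte 0, little-endian 32-bit header offset at byte 20), which the page does not spell out, and find_pv_header and probe_sample are hypothetical names. It goes slightly beyond the patch by also rejecting sector sizes too small for the subtraction.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LABEL_HDR_SIZE 32u /* assumed: id[8] sector[8] crc[4] offset[4] type[8] */
#define PV_HDR_MIN     88u /* minimal PV header size, from the commit */

/* Alignment-independent little-endian 32-bit load. */
static uint32_t le32(const unsigned char *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/*
 * Scan the first four sectors of buf (4 * sectorsize bytes) for "LABELONE".
 * Returns the PV header's byte position in buf, or -1 if no label has an
 * offset that keeps a minimal PV header inside its own sector.
 */
long find_pv_header(const unsigned char *buf, uint32_t sectorsize)
{
    if (sectorsize < LABEL_HDR_SIZE + PV_HDR_MIN)
        return -1; /* keeps sectorsize - PV_HDR_MIN from wrapping */
    for (uint32_t i = 0; i < 4; i++) {
        const unsigned char *sec = buf + (size_t)i * sectorsize;
        if (memcmp(sec, "LABELONE", 8) != 0)
            continue;
        uint32_t off = le32(sec + 20); /* untrusted on-disk field */
        if (off < LABEL_HDR_SIZE || off > sectorsize - PV_HDR_MIN)
            continue; /* overlaps the label or runs past the sector */
        return (long)i * sectorsize + off;
    }
    return -1;
}

/* Constructed sample: zeroed 4 x 512-byte image with a label in `sector`. */
long probe_sample(uint32_t sector, uint32_t off)
{
    static unsigned char img[4 * 512];
    memset(img, 0, sizeof(img));
    memcpy(img + sector * 512, "LABELONE", 8);
    for (int b = 0; b < 4; b++)
        img[sector * 512 + 20 + b] = (unsigned char)(off >> (8 * b));
    return find_pv_header(img, 512);
}

int main(void)
{
    printf("%ld %ld\n", probe_sample(1, 32), probe_sample(1, 0xfffffff0u));
    return 0;
}
```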