330737 |
10-Mar-2018 |
asomers |
MFC r323314, r323338, r328849
r323314: Audit userspace geom code for leaking memory to disk
Any geom class using g_metadata_store, as well as geom_virstor which duplicated g_metadata_store internally, would dump sectorsize - mdsize bytes of userspace memory following the metadata block stored. This is most or all geom classes (gcache, gconcat, geli, gjournal, glabel, gmirror, gmultipath, graid3, gshsec, gstripe, and geom_virstor).
PR: 222077 (comment #3) Reported by: Maxim Khitrov <max AT mxcrypt.com> Reviewed by: des Security: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D12269
r323338: Fix information leak in geli(8) integrity mode
In integrity mode, a larger logical sector (e.g., 4096 bytes) spans several physical sectors (e.g., 512 bytes) on the backing device. Due to hash overhead, a 4096 byte logical sector takes 8.5625 512-byte physical sectors. This means that only 288 bytes (256 data + 32 hash) of the last 512 byte sector are used.
The memory allocation used to store the encrypted data to be written to the physical sectors comes from malloc(9) and does not use M_ZERO.
Previously, nothing initialized the final physical sector backing each logical sector, aside from the hash + encrypted data portion. So 224 bytes of kernel heap memory was leaked to every block :-(.
This patch addresses the issue by initializing the trailing portion of the physical sector in every logical sector to zeros before use. A much simpler but higher overhead fix would be to tag the entire allocation M_ZERO.
PR: 222077 Reported by: Maxim Khitrov <max AT mxcrypt.com> Reviewed by: emaste Security: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D12272
r328849: geom: don't write stack garbage in disk labels
Most consumers of g_metadata_store were passing in partially unallocated memory, resulting in stack garbage being written to disk labels. Fix them by zeroing the memory first.
gvirstor repeated the same mistake, but in the kernel.
Also, glabel's label contained a fixed-size string that wasn't initialized to zero.
PR: 222077 Reported by: Maxim Khitrov <max@mxcrypt.com> Reviewed by: cem X-MFC-With: 323314 X-MFC-With: 323338 Differential Revision: https://reviews.freebsd.org/D14164 |
306765 |
06-Oct-2016 |
mav |
MFC r306279: Use g_wither_provider() where applicable.
It is just a helper function combining G_PF_WITHER setting with g_orphan_provider(). |
299397 |
11-May-2016 |
pfg |
MFC r298698: geom: unsign some types to match their definitions and avoid overflows.
In struct:gctl_req, nargs is unsigned.
In mirror: g_mirror_syncreqs is unsigned.
In raid: in struct:g_raid_volume, v_disks_count is unsigned.
In virstor: in struct:g_virstor_softc, n_components is unsigned. |
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
239021 |
03-Aug-2012 |
jimharris |
In virstor_ctl_stop(), check for a valid softc before trying to update metadata.
Sponsored by: Intel Reported and tested by: Marcelo Gondim <gondim at bsdinfo dot com dot br> PR: kern/170199 MFC after: 3 days
|
227309 |
07-Nov-2011 |
ed |
Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs.
The SYSCTL_NODE macro defines a list that stores all child-elements of that node. If there's no SYSCTL_DECL macro anywhere else, there's no reason why it shouldn't be static.
|
223921 |
11-Jul-2011 |
ae |
Include sys/sbuf.h directly.
Reviewed by: pjd
|
221101 |
27-Apr-2011 |
mav |
Implement relaxed comparision for hardcoded provider names to make it ignore adX/adaY difference in both directions to simplify migration to the CAM-based ATA or back.
|
219029 |
25-Feb-2011 |
netchild |
Add some FEATURE macros for various GEOM classes.
No FreeBSD version bump, the userland application to query the features will be committed last and can serve as an indication of the availablility if needed.
Sponsored by: Google Summer of Code 2010 Submitted by: kibab Reviewed by: silence on geom@ during 2 weeks X-MFC after: to be determined in last commit with code from this project
|
213662 |
09-Oct-2010 |
ae |
Replace strlen(_PATH_DEV) with sizeof(_PATH_DEV) - 1.
Suggested by: kib Approved by: kib (mentor) MFC after: 5 days
|
203408 |
02-Feb-2010 |
delphij |
Prevent NULL deference by checking return value of gctl_get_asciiparam.
MFC after: 2 weeks
|
202987 |
25-Jan-2010 |
ivoras |
Go through with write_metadata() non-error-handling and make it return "void". This is mostly to avoid dead variable assignment warning by LLVM. No functional change.
Pointed out by: trasz Approved by: gnn (mentor)
|
180120 |
30-Jun-2008 |
delphij |
Avoid NULL deference.
Reviewed by: ivoras
|
172304 |
23-Sep-2007 |
pjd |
LINT compiled just fine for me, but it seems it breaks tinerbox way of compiling LINT.
Approved by: re (implicitly)
|
172302 |
23-Sep-2007 |
pjd |
Bring in the GEOM Virtualisation class, which allows to create huge GEOM providers with limited physical storage and add physical storage as needed.
Submitted by: Ivan Voras Sponsored by: Google Summer of Code 2006 Approved by: re (kensmith)
|