Page MenuHomeFreeBSD

Audit userspace geom code for leaking memory to disk
ClosedPublic

Authored by cem on Sep 7 2017, 4:28 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Dec 6, 4:53 PM
Unknown Object (File)
Mon, Dec 2, 12:32 PM
Unknown Object (File)
Mon, Dec 2, 9:52 AM
Unknown Object (File)
Mon, Dec 2, 9:52 AM
Unknown Object (File)
Mon, Dec 2, 9:47 AM
Unknown Object (File)
Mon, Dec 2, 9:47 AM
Unknown Object (File)
Mon, Dec 2, 12:44 AM
Unknown Object (File)
Thu, Nov 28, 9:43 PM

Details

Summary

Any geom class using g_metadata_store, as well as geom_virstor which duplicated
g_metadata_store internally, would dump sectorsize - mdsize bytes of userspace
memory following the metadata block stored. This is most or all geom classes
(gcache, gconcat, geli, gjournal, glabel, gmirror, gmultipath, graid3, gshsec,
gstripe, and geom_virstor).

PR is public so there is no point cloak-and-daggering this review. Security
team individuals are marked as reviewers.

PR: 222077

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 11416
Build 11775: arc lint + arc unit

Event Timeline

sbin/geom/class/part/geom_part.c
1277 ↗(On Diff #32768)

Oops. I see this change was unnecessary. I'll revert it.

cem marked an inline comment as done.

Drop unnecessary vtoc8 check. An appropriate check for that was already
present.

This revision is now accepted and ready to land.Sep 8 2017, 8:18 AM
This revision was automatically updated to reflect the committed changes.