Page MenuHomeFreeBSD

Audit userspace geom code for leaking memory to disk
ClosedPublic

Authored by cem on Sep 7 2017, 4:28 PM.
Tags
None
Referenced Files
F106076319: D12269.diff
Wed, Dec 25, 12:09 AM
Unknown Object (File)
Fri, Dec 6, 4:53 PM
Unknown Object (File)
Mon, Dec 2, 12:32 PM
Unknown Object (File)
Mon, Dec 2, 9:52 AM
Unknown Object (File)
Mon, Dec 2, 9:52 AM
Unknown Object (File)
Mon, Dec 2, 9:47 AM
Unknown Object (File)
Mon, Dec 2, 9:47 AM
Unknown Object (File)
Mon, Dec 2, 12:44 AM

Details

Summary

Any geom class using g_metadata_store, as well as geom_virstor which duplicated
g_metadata_store internally, would dump sectorsize - mdsize bytes of userspace
memory following the metadata block stored. This is most or all geom classes
(gcache, gconcat, geli, gjournal, glabel, gmirror, gmultipath, graid3, gshsec,
gstripe, and geom_virstor).

PR is public so there is no point cloak-and-daggering this review. Security
team individuals are marked as reviewers.

PR: 222077

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

sbin/geom/class/part/geom_part.c
1277 ↗(On Diff #32768)

Oops. I see this change was unnecessary. I'll revert it.

cem marked an inline comment as done.

Drop unnecessary vtoc8 check. An appropriate check for that was already
present.

This revision is now accepted and ready to land.Sep 8 2017, 8:18 AM
This revision was automatically updated to reflect the committed changes.