Page MenuHomeFreeBSD
Differential D21232

nandfs: avoid integer overflow in nandfs_get_dat_bdescs_ioctl
ClosedPublic
Actions

Authored by emaste on Aug 12 2019, 4:56 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 22, 2:25 PM
Unknown Object (File)
Mon, Nov 18, 12:48 AM
Unknown Object (File)
Mon, Nov 11, 5:55 AM
Unknown Object (File)
Mon, Nov 11, 5:53 AM
Unknown Object (File)
Mon, Nov 11, 2:37 AM
Unknown Object (File)
Mon, Nov 11, 1:56 AM
Unknown Object (File)
Mon, Nov 11, 1:42 AM
Unknown Object (File)
Oct 20 2024, 3:01 AM
View All 47 Files
Subscribers
None

Details

Reviewers
imp
markj
Commits
rS350903: nandfs: avoid integer overflow in nandfs_get_dat_bdescs_ioctl
Summary

nandfs removed from head in rS349352 but it's still in stable/12 and stable/11

Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste created this revision.Aug 12 2019, 4:56 PM
imp accepted this revision.Aug 12 2019, 5:09 PM

These are fine but (a) you need to have mount privs to execute this ioctl; (b) nandfs is a panic trap due to bad locking and the system can't stay up once there's any vnode pressure at all; and (c) the set of nandfs users is the empty set due to (b). This is not exploitable in any meaningful way.

This revision is now accepted and ready to land.Aug 12 2019, 5:09 PM
emaste added a comment.Aug 12 2019, 5:13 PM
In D21232#461469, @imp wrote:

These are fine but (a) you need to have mount privs to execute this ioctl; (b) nandfs is a panic trap due to bad locking and the system can't stay up once there's any vnode pressure at all; and (c) the set of nandfs users is the empty set due to (b). This is not exploitable in any meaningful way.

and you have to go out of your way to build and run it. But the fix is easier than explaining that we don't care about nandfs.

Closed by commit rS350903: nandfs: avoid integer overflow in nandfs_get_dat_bdescs_ioctl (authored by emaste). · Explain WhyAug 12 2019, 5:25 PM
This revision was automatically updated to reflect the committed changes.
emaste added a commit: rS350903: nandfs: avoid integer overflow in nandfs_get_dat_bdescs_ioctl.
imp added a comment.Aug 12 2019, 5:32 PM
In D21232#461474, @emaste wrote:
In D21232#461469, @imp wrote:

These are fine but (a) you need to have mount privs to execute this ioctl; (b) nandfs is a panic trap due to bad locking and the system can't stay up once there's any vnode pressure at all; and (c) the set of nandfs users is the empty set due to (b). This is not exploitable in any meaningful way.

and you have to go out of your way to build and run it. But the fix is easier than explaining that we don't care about nandfs.

Yup. My feedback was to strongly bias against a SA for this :)

Revision Contents
Changeset List

PathSize
stable/
12/
sys/
fs/
nandfs/
3 lines

Diff 60683

View Options

stable/12/sys/fs/nandfs/nandfs_dat.c

Loading...