libsa: Fix infinite loop in bzipfs & gzipfs
ClosedPublic

Authored by dab on May 24 2021, 5:27 PM.
Details

Summary

A bug in the loader's bzipfs & gzipfs filesystems caused compressed
kernel and modules not to work on EFI systems with a veriexec-enabled
loader. Since the size of files in these filesystems is not known
_a priori_, stat would initialize the size to -1 and the loader would
then hang in an infinite loop while trying to seek (read) to the end
of file since the loop termination condition compares the current
offset to that negative target position.

Sponsored by: Dell Technologies | Isilon
MFC to: stable/12, stable/13
MFC after: 1 week
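To make the failure mode concrete, here is an added model of the seek path described in the summary. It is illustration code written for this page, not the FreeBSD libsa sources: the stream, its `total_out` counter, the `endseen` flag and the `SIZE_UNKNOWN` value are stand-ins for the loader's bz_stream state, the `bzf_endseen` flag discussed in the review, and the -1 size that stat reports. The payload is a constructed sample. `seek_buggy` skips forward until the current offset equals the target, which never happens for a -1 target; `seek_fixed` treats a negative target as "end of file, size unknown" and stops when the decompressor has reported end-of-stream.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for decompressor output; the filesystem does not know its length. */
static const unsigned char PAYLOAD[] = "kernel-image-bytes-of-unknown-length";
#define PAYLOAD_LEN (sizeof PAYLOAD - 1)
#define SIZE_UNKNOWN (-1LL)            /* what stat reports for such files */

struct dstream {
    const unsigned char *data;  /* decompressed bytes (constructed sample) */
    size_t len;                 /* true length; unknown to the filesystem */
    uint32_t total_out;         /* bytes delivered so far, like bz_stream.total_out_lo32 */
    int endseen;                /* like bzf_endseen: set once end-of-stream was returned */
};

static void ds_open(struct dstream *s)
{
    s->data = PAYLOAD; s->len = PAYLOAD_LEN; s->total_out = 0; s->endseen = 0;
}
static void ds_rewind(struct dstream *s) { s->total_out = 0; s->endseen = 0; }

/* Copy up to n bytes. endseen is set on the read that delivers the end of the
 * stream (as the review thread describes); later reads return 0 bytes, no error. */
static size_t ds_read(struct dstream *s, unsigned char *buf, size_t n)
{
    size_t avail = s->len - s->total_out;
    size_t got = n < avail ? n : avail;
    memcpy(buf, s->data + s->total_out, got);
    s->total_out += (uint32_t)got;
    if (s->total_out == s->len)
        s->endseen = 1;
    return got;
}

/* Bytes to discard on the next skip-forward read: at most the chunk size. */
static size_t skip_chunk(long long target, uint32_t cur)
{
    uint32_t left = (uint32_t)target - cur;
    return left < 16 ? left : 16;
}

/* BUGGY model of the old seek: skip forward until the current offset equals the
 * target. With target == SIZE_UNKNOWN (-1) no offset ever matches, and reads past
 * the end return 0 bytes without an error, so nothing stops the loop. An
 * iteration cap stands in for the hang and is reported as -1. */
static long long seek_buggy(struct dstream *s, long long target, unsigned long max_iters)
{
    unsigned char discard[16];
    unsigned long iters = 0;
    if (target < (long long)s->total_out)
        ds_rewind(s);
    while ((long long)s->total_out != target) {
        if (iters++ >= max_iters)
            return -1;                      /* would spin forever */
        (void)ds_read(s, discard, skip_chunk(target, s->total_out));
    }
    return s->total_out;
}

/* FIXED model: a negative target means "end of file, size unknown"; skip forward
 * until end-of-stream has been reported. A known target stops when reached or when
 * the stream ends first (overshoot is reported by returning the real offset).
 * A 0-byte read before endseen means a truncated stream. */
static long long seek_fixed(struct dstream *s, long long target)
{
    unsigned char discard[16];
    if (target >= 0 && target < (long long)s->total_out)
        ds_rewind(s);
    while (!s->endseen && (target < 0 || (long long)s->total_out < target)) {
        size_t want = target < 0 ? sizeof discard : skip_chunk(target, s->total_out);
        if (ds_read(s, discard, want) == 0 && !s->endseen)
            return -1;
    }
    return s->total_out;
}

/* Scenarios, each on a fresh stream, so results can be checked by name. */
long long scenario_buggy_known_target(void) { struct dstream s; ds_open(&s); return seek_buggy(&s, 7, 10000); }
long long scenario_buggy_seek_end(void)     { struct dstream s; ds_open(&s); return seek_buggy(&s, SIZE_UNKNOWN, 10000); }
long long scenario_fixed_seek_end(void)     { struct dstream s; ds_open(&s); return seek_fixed(&s, SIZE_UNKNOWN); }
long long scenario_fixed_overshoot(void)    { struct dstream s; ds_open(&s); return seek_fixed(&s, 1000); }
long long scenario_fixed_back_then_forward(void)
{
    struct dstream s; ds_open(&s);
    (void)seek_fixed(&s, 20);               /* forward */
    (void)seek_fixed(&s, 3);                /* backward: rewind, then skip */
    return seek_fixed(&s, SIZE_UNKNOWN);    /* then to the end */
}

int main(void)
{
    printf("buggy, target 7          -> %lld\n", scenario_buggy_known_target());
    printf("buggy, seek to size -1   -> %lld (hang, cut off by the cap)\n", scenario_buggy_seek_end());
    printf("fixed, seek to size -1   -> %lld\n", scenario_fixed_seek_end());
    printf("fixed, target 1000       -> %lld (honest overshoot)\n", scenario_fixed_overshoot());
    return 0;
}
```

The practical check this models: a loader that learns a file's size by seeking to the end (as a veriexec-enabled loader must, to hash the whole file) needs the filesystem's skip loop to terminate on an end-of-stream signal, not on reaching a size that was never known.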

Test Plan

Tested at $WORK. Basically, booting a veriexec-enabled loader with
the current code and compressed kernel or modules would hang. Booting
with compressed kernel or modules and the modified code would not
hang.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dab requested review of this revision. May 24 2021, 5:27 PM
dab edited the test plan for this revision. (Show Details)
This revision is now accepted and ready to land. May 25 2021, 10:16 AM
stand/libsa/bzipfs.c:344
I believe you mean bzf->bzf_endseen.

dab edited the test plan for this revision. (Show Details)
  • Fix typo
This revision now requires review to proceed. May 25 2021, 10:03 PM
dab marked an inline comment as done. May 25 2021, 10:04 PM
dab added inline comments.
stand/libsa/bzipfs.c:344
Not sure how that compiled...

dab marked an inline comment as done. May 25 2021, 10:08 PM
This revision is now accepted and ready to land. May 25 2021, 10:09 PM
stand/libsa/bzipfs.c:346
Does this get set with the last readable block of data, or after the readable block of data?

stand/libsa/bzipfs.c:346
It is set on the read where the data decompression returns the end-of-stream marker.

This revision was automatically updated to reflect the committed changes.