Page MenuHomeFreeBSD
Differential D48378

ffs_reallocblks(): ensure that pref cg is valid
ClosedPublic
Actions

Authored by kib on Jan 7 2025, 9:42 PM.
Tags
None
Referenced Files
F157996411: D48378.id.diff
Wed, May 27, 7:39 AM
Unknown Object (File)
Wed, May 27, 12:06 AM
Unknown Object (File)
Tue, May 26, 11:42 PM
Unknown Object (File)
Mon, May 25, 11:26 AM
Unknown Object (File)
Sat, May 23, 5:31 PM
Unknown Object (File)
Sun, May 17, 10:50 PM
Unknown Object (File)
Sun, May 17, 10:49 PM
Unknown Object (File)
Sun, May 17, 10:49 PM
View All 84 Files
Subscribers
imp
pho

Details

Reviewers
mckusick
chs
Commits
rGdc37121d3210: ffs_reallocblks(): ensure that pref cg is valid
rGa57a2c01aacc: ffs_blkpref_ufsX(): do not iterate over startcg twice
Summary
ffs_blkpref_ufsX() must return in-range pref frag number, otherwise
calculated cg index is out of range for fs, causing out of range
accesses to the structures sized by the number of cg, e.g. the
fs_maxcluster[] array in ffs_clusteralloc().

The easiest way to trigger it is to overflow the volume.

ffs_blkpref_ufsX(): do not iterate over startcg twice

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kib created this revision.Jan 7 2025, 9:42 PM
Herald added a subscriber: imp. · View Herald TranscriptJan 7 2025, 9:42 PM
kib requested review of this revision.Jan 7 2025, 9:42 PM
kib added reviewers: mckusick, chs.Jan 10 2025, 4:10 PM
mckusick accepted this revision.Jan 13 2025, 5:04 AM

These changes look correct to me. I am surprised that it has taken this long to trip over this error case.

This revision is now accepted and ready to land.Jan 13 2025, 5:04 AM
Closed by commit rGdc37121d3210: ffs_reallocblks(): ensure that pref cg is valid (authored by kib). · Explain WhyJan 13 2025, 7:24 PM
This revision was automatically updated to reflect the committed changes.
kib added a commit: rGdc37121d3210: ffs_reallocblks(): ensure that pref cg is valid.
kib added a commit: rGa57a2c01aacc: ffs_blkpref_ufsX(): do not iterate over startcg twice.

Revision Contents
Changeset List

PathSize
sys/
ufs/
ffs/
27 lines

Diff 149202

View Options

sys/ufs/ffs/ffs_alloc.c

Loading...