ffs_reallocblks(): ensure that pref cg is valid
Needs ReviewPublic
Actions

Authored by kib on Tue, Jan 7, 9:42 PM.

Details

Reviewers: None

Summary

ffs_blkpref_ufsX() must return in-range pref frag number, otherwise
calculated cg index is out of range for fs, causing out of range
accesses to the structures sized by the number of cg, e.g. the
fs_maxcluster[] array in ffs_clusteralloc().

The easiest way to trigger it is to overflow the volume.

ffs_blkpref_ufsX(): do not iterate over startcg twice

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

kib created this revision.Tue, Jan 7, 9:42 PM

Herald added a subscriber: imp. · View Herald TranscriptTue, Jan 7, 9:42 PM

kib requested review of this revision.Tue, Jan 7, 9:42 PM

Revision Contents
Changeset List

Path

Size

sys/

ufs/

ffs/

ffs_alloc.c

31 lines

Diff 148916

View Options

ffs_reallocblks(): ensure that pref cg is validNeeds ReviewPublicActions