libgeom: Fix segfault in 32-on-64 case
ClosedPublic
Actions

Authored by des on Fri, Jan 2, 12:26 PM.

Details

Reviewers

jhb
markj
mav
imp

Commits

rG27894e20f140: libgeom: Fix segfault in 32-on-64 case

Summary

We were using strtoul() to parse object identifiers, which are kernel
pointers. This works fine as long as the kernel and userland match,
but in a 32-bit libgeom on a 64-bit kernel this will return ULONG_MAX
for all objects, resulting in memory corruption when we later pick the
wrong object while resolving consumer-producer references.

MFC after: 1 week
PR: 292127

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

des created this revision.Fri, Jan 2, 12:26 PM

Herald added a subscriber: imp. · View Herald TranscriptFri, Jan 2, 12:26 PM

des requested review of this revision.Fri, Jan 2, 12:26 PM

Harbormaster completed remote builds in B69569: Diff 168874.Fri, Jan 2, 12:26 PM

des added a child revision: D54453: libgeom: Clean up xml2tree code.Fri, Jan 2, 12:26 PM

imp accepted this revision.Fri, Jan 2, 1:07 PM

This revision is now accepted and ready to land.Fri, Jan 2, 1:07 PM

Looking at the history, a fix in this area was tried 13 years ago and reverted for breaking devstat use. 12 years ago the below type of fix was committed instead and then reverted, sighting lessons learned from the prior attempt.

devstat may need to be tested with this change in place.

emaste added a subscriber: emaste.Fri, Jan 2, 8:25 PM

We're still truncating to a 32-bit void * so the opportunity for a bugs remain (even if in practice it's essentially impossible). I think it's at least worth a comment in the src explaining why the truncation is acceptable.

Closed by commit rG27894e20f140: libgeom: Fix segfault in 32-on-64 case (authored by des). · Explain WhySat, Jan 3, 9:11 AM

This revision was automatically updated to reflect the committed changes.

des added a commit: rG27894e20f140: libgeom: Fix segfault in 32-on-64 case.