Page MenuHomeFreeBSD

libsa: Fix infinite loop in bzipfs & gzipfs
ClosedPublic

Authored by dab on May 24 2021, 5:27 PM.
Tags
None
Referenced Files
F133504411: D30414.id89738.diff
Sun, Oct 26, 6:39 AM
F133444408: D30414.diff
Sat, Oct 25, 8:35 PM
F133419555: D30414.id89867.diff
Sat, Oct 25, 4:19 PM
Unknown Object (File)
Sat, Oct 25, 12:14 AM
Unknown Object (File)
Fri, Oct 24, 3:31 AM
Unknown Object (File)
Sun, Oct 19, 9:59 AM
Unknown Object (File)
Sat, Oct 18, 5:12 AM
Unknown Object (File)
Thu, Oct 16, 6:44 PM
Subscribers

Details

Summary

A bug in the loader's bzipfs & gzipfs filesystems caused compressed
kernel and modules not to work on EFI systems with a veriexec-enabled
loader. Since the size of files in these filesystems are not known
_a priori_ stat would initialize the size to -1 and the loader would
then hang in an infinite loop while trying to seek (read) to the end
of file since the loop termination condition compares the current
offset to that negative target position.

Sponsored by: Dell Technologies | Isilon
MFC to: stable/12, stable/13
MFC after: 1 week

Test Plan

Tested at $WORK. Basically, booting a veriexec-enabled loader with
the current code and compressed kernel or modules would hang. Booting
with compressed kernel or modules and the modified code would not
hang.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 39384
Build 36273: arc lint + arc unit

Event Timeline

dab requested review of this revision.May 24 2021, 5:27 PM
dab edited the test plan for this revision. (Show Details)
This revision is now accepted and ready to land.May 25 2021, 10:16 AM
stand/libsa/bzipfs.c
344

I believe you mean bzf->bzf_endseen.

dab edited the test plan for this revision. (Show Details)
  • Fix typo
This revision now requires review to proceed.May 25 2021, 10:03 PM
dab marked an inline comment as done.May 25 2021, 10:04 PM
dab added inline comments.
stand/libsa/bzipfs.c
344

Not sure how that compiled...

dab marked an inline comment as done.May 25 2021, 10:08 PM
This revision is now accepted and ready to land.May 25 2021, 10:09 PM
stand/libsa/bzipfs.c
346

Does this get set with the last readable block of data, or after the readable block of data?

stand/libsa/bzipfs.c
346

It is set on the read where the data decompression returns the end-of-stream marker.

This revision was automatically updated to reflect the committed changes.