From nobody Mon Nov 21 13:53:29 2022 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NG8494lRZz4j5s9; Mon, 21 Nov 2022 13:53:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NG8493z74z47hb; Mon, 21 Nov 2022 13:53:29 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1669038809; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=SxCkv5fu7MwbfadFrMdpTQwF4XH4ZPxHVVpuHaLUJsI=; b=Ye5E18NBEptPE2pMRApCczCYnRHlKj7v74hB4uFjPjSAElM4hwEneg6fpyx45iGo7CrNVN TV9aPCJdORqNOZcgdh9eLUMf4yif1MJviclc09MSYDbVfJdUfapLg0CY5bcd7vsTLTbPsY fZvZKqWyvTSQOA22HbscNH05S4Z7cAZfC811ej4042abSFTt5GXYf8n9nFJyzkuepXN7k0 AxlfywHDOl2lJXZHPr5fEAqTeuaeVf4QaEZj7O2RCc5wzp+e4PHfaQ6w/ZbwbSAoRZlNzL yHYzQCGT9enRd40Jhr0i2nATRf76quXzputHYk3oHu5uzOaGdcxz3mn5oY2UDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1669038809; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=SxCkv5fu7MwbfadFrMdpTQwF4XH4ZPxHVVpuHaLUJsI=; b=WQJ1GbBxFUqWnCJIIzeeumTP2Q4oDUk3zlhAHaRjfcx591I8i47pyx9d9QttwyrV4nMN8x +lR65BW3H2GDP+A1FpeRoCa/5UXCakZTnu5pO/AykwSnRCIoAZ+1CLfkohstYR/tx7wLGF mGt3lHgh3vETSVVcJdRqtjd+XVlWrJ8x+LUHo/Aubcq2WXXKdKas+f+2dgedDvok9ogfMr hKb8b6FizR2ZOYvoygPEsghV4EUvElTVT+kmeAxURdWsPasjGiR9abBol6UiuFZgsl8vAI oZr9t80eBSd1uTaMRS7gb7Ip1HNcgnKGmXmEUVHp7S8n6NNlbV+24ZehU4v2QA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1669038809; a=rsa-sha256; cv=none; b=d1OKUB2ZigbPHP9/eYx2eoMvyR7H0xIto/7IlhrQAX5VNxq+9hjtgfDXe1dvNTZInydpm/ 3lXa3+g3VJHi/oUG+h8C9InMn0Oa9XFpEfAQ+dIJc0cAgQotehKHTtXTdkaIe2jRgld49X qjrBpHmKWjdJjaDRbMBgRHGZT1omvbG7oPG+SewL3L5b0gPkgij8+/EmBzyAyJ1ek7ZoEU C6vMi/KUE5b10Z0sLj17tzqKOJ4f2gGuh079FEklEyINHktb0jL8B40lchd5SUaufSjfym RLwYYOVGOWXaV8zG8hphQM913fxizUeMghsIwEBMEe3wIVU3Acs3Z9Gvw8EI5A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NG8492vklz15f9; Mon, 21 Nov 2022 13:53:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2ALDrTuu083520; Mon, 21 Nov 2022 13:53:29 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2ALDrTJk083519; Mon, 21 Nov 2022 13:53:29 GMT (envelope-from git) Date: Mon, 21 Nov 2022 13:53:29 GMT Message-Id: <202211211353.2ALDrTJk083519@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mark Johnston Subject: git: e8c769b22d42 - stable/13 - geom_part: Check number of GPT entries and size of GPT entry List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: e8c769b22d42fd66d0916e2a04af32ad9d306db1 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=e8c769b22d42fd66d0916e2a04af32ad9d306db1 commit e8c769b22d42fd66d0916e2a04af32ad9d306db1 Author: Zhenlei Huang AuthorDate: 2022-10-18 15:03:02 +0000 Commit: Mark Johnston CommitDate: 2022-11-21 13:49:25 +0000 geom_part: Check number of GPT entries and size of GPT entry Current specification does not have upper limit of the number of partition entries and the size of partition entry. In 799eac8c3df597179bbb3b078362f3ff03993a1a Andrey V. Elsukov introduced a limit maximum number of GPT entries to 4k, but that is for write routine (gpart create) only. When attaching disks that have large number of GPT entries exceeding the limit, or disks with large size of partition entry, it is still possible to exhaust kernel memory. 1. Reuse the limit of the maximum number of partition entries. 2. Limit the maximum size of GPT entry to 1k. In current specification (2.10) the size of GPT entry is 128 * 2^n while n >= 0, and the size - 128 is reserved. 1k should be sufficient enough for foreseen future. PR: 266548 Discussed with: imp Reviewed by: markj MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D36717 (cherry picked from commit 5be5d0d5cb2657d7668f4ca0f8543198cf8d759b) --- sys/geom/part/g_part_gpt.c | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/sys/geom/part/g_part_gpt.c b/sys/geom/part/g_part_gpt.c index 26274c6ae43f..a42a20683792 100644 --- a/sys/geom/part/g_part_gpt.c +++ b/sys/geom/part/g_part_gpt.c @@ -85,6 +85,7 @@ enum gpt_state { GPT_STATE_MISSING, /* No signature found. */ GPT_STATE_CORRUPT, /* Checksum mismatch. */ GPT_STATE_INVALID, /* Nonconformant/invalid. */ + GPT_STATE_UNSUPPORTED, /* Not supported. */ GPT_STATE_OK /* Perfectly fine. */ }; @@ -148,6 +149,8 @@ static kobj_method_t g_part_gpt_methods[] = { { 0, 0 } }; +#define MAXENTSIZE 1024 + static struct g_part_scheme g_part_gpt_scheme = { "GPT", g_part_gpt_methods, @@ -548,6 +551,11 @@ gpt_read_tbl(struct g_part_gpt_table *table, struct g_consumer *cp, if (hdr == NULL) return (NULL); + if (hdr->hdr_entries > g_part_gpt_scheme.gps_maxent || + hdr->hdr_entsz > MAXENTSIZE) { + table->state[elt] = GPT_STATE_UNSUPPORTED; + return (NULL); + } pp = cp->provider; table->lba[elt] = hdr->hdr_lba_table; @@ -955,10 +963,25 @@ g_part_gpt_read(struct g_part_table *basetable, struct g_consumer *cp) /* Fail if we haven't got any good tables at all. */ if (table->state[GPT_ELT_PRITBL] != GPT_STATE_OK && table->state[GPT_ELT_SECTBL] != GPT_STATE_OK) { - printf("GEOM: %s: corrupt or invalid GPT detected.\n", - pp->name); - printf("GEOM: %s: GPT rejected -- may not be recoverable.\n", - pp->name); + if (table->state[GPT_ELT_PRITBL] == GPT_STATE_UNSUPPORTED && + table->state[GPT_ELT_SECTBL] == GPT_STATE_UNSUPPORTED && + gpt_matched_hdrs(prihdr, sechdr)) { + printf("GEOM: %s: unsupported GPT detected.\n", + pp->name); + printf( + "GEOM: %s: number of GPT entries: %u, entry size: %uB.\n", + pp->name, prihdr->hdr_entries, prihdr->hdr_entsz); + printf( + "GEOM: %s: maximum supported number of GPT entries: %u, entry size: %uB.\n", + pp->name, g_part_gpt_scheme.gps_maxent, MAXENTSIZE); + printf("GEOM: %s: GPT rejected.\n", pp->name); + } else { + printf("GEOM: %s: corrupt or invalid GPT detected.\n", + pp->name); + printf( + "GEOM: %s: GPT rejected -- may not be recoverable.\n", + pp->name); + } if (prihdr != NULL) g_free(prihdr); if (pritbl != NULL)