From nobody Sat Sep 03 21:11:45 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MKnXK4kZsz4bXxs; Sat, 3 Sep 2022 21:11:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4MKnXK4Gf0z47ZY; Sat, 3 Sep 2022 21:11:45 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1662239505; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jZ1Vcc6vXEVHuE/S4i46zFEr3vZtMJcvqaPk1j92XwE=; b=xgdyr6004VzCRgc16DGiEhFI76A4tELP4pplyOWHgN6beZGHyl2ZqkBl1GAqYK4Klv3dnm /HxWb4z7dWajcDt4ExBnztPfbJW0xYQBHgHzTaqZT2F1S5AqSr3KjWehO/j3p44siOCEgs ITxmLzUXk5jQ3pDilO37CP0/oHoWhijxIW/YVEQfoMPyrMILzrN+eWHvGXD2pUn+eaUABY IysTPg3nDXqZHcs4/xY9CdqB6oNTPYJ8dX5qL0q8B5jtlJFBQ9lZLjifkq2wMXjOuU/ihZ /QZlk/MOe23EJaQSs17hd+Iu+MHjqcxUJ1G9JJaaudFam+rXcNrB4U6u9Aw4lA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4MKnXK3LMqzGxJ; Sat, 3 Sep 2022 21:11:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 283LBjWa082904; Sat, 3 Sep 2022 21:11:45 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 283LBj88082903; Sat, 3 Sep 2022 21:11:45 GMT (envelope-from git) Date: Sat, 3 Sep 2022 21:11:45 GMT Message-Id: <202209032111.283LBj88082903@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kirk McKusick Subject: git: 82ee4e1c42d7 - main - Updates to UFS/FFS superblock integrity checks when reading a superblock. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mckusick X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 82ee4e1c42d70345cbaa1f6dd1874ae98a004910 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1662239505; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jZ1Vcc6vXEVHuE/S4i46zFEr3vZtMJcvqaPk1j92XwE=; b=n0HcsLs7Y/7F8TPAYOrimaVwWdetugkuM9lThqU5ITia3eihUG896tltzPlZoaUb41Q9xh U+hTGuUdOWSTokeDwbhEBk2ibpDzw7m/o91pnMFtg7gDB8TfhfDIw2oudlEV4TBGF7di2N T8AGydPRemrn/5v4GvM/XPSu1kl1mfGn6mKd4ADKkzVZKHMwqAptpk9NCiEqxyqvBBRlan PXYsPlYJWv8/tsVizmahfL2lMCKcBlgo4/Mnd9kb87Wy4sEtFCz+Vu4DTcW8WMOKE6oN4G SUDmMd3iHxFSs7+XHHFHrMAC2kdteibmcQD5wvj+x2Re3X3pcFuHU03lVu5ZxA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1662239505; a=rsa-sha256; cv=none; b=Sfr2SvuluL6RKGiSeym3rVVQtwvpDDE3qRLjNajIGlO7shJ2X8WX1VptHVXF7VmBoP165o Ih6h2toLjvmprDwSK4dPjghzqfYc1FFO3qWYYjiqShZEu/NBQHTfOy2X8HWcmvnez6LRXr ImmZtvZHNHgLTJmNesrF+jTbYpzxabGZOQ8sl78/2oCn3zSp0rUojnZr6gpNCZXJ0CWWPL sya6HU7ZT5pHQ3Gxu1v1LS4QNq9wyTMt//V4mhdxAigvl8d74f/UkezOCIJMBqEu3CRXq7 fS3N2PUS5+YgDecxx3fMmvW70xh1bUQDh+r5CViR0UefXjKjN5Xbs3s8A7yBvg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by mckusick: URL: https://cgit.FreeBSD.org/src/commit/?id=82ee4e1c42d70345cbaa1f6dd1874ae98a004910 commit 82ee4e1c42d70345cbaa1f6dd1874ae98a004910 Author: Kirk McKusick AuthorDate: 2022-09-03 21:08:25 +0000 Commit: Kirk McKusick CommitDate: 2022-09-03 21:11:38 +0000 Updates to UFS/FFS superblock integrity checks when reading a superblock. Yet more updates based on ways Peter Holm found to corrupt UFS superblocks in ways that could cause kernel hangs or crashes. No legitimate superblocks should fail as a result of these changes. Reported by: Peter Holm Tested by: Peter Holm Sponsored by: The FreeBSD Foundation --- sys/ufs/ffs/ffs_subr.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sys/ufs/ffs/ffs_subr.c b/sys/ufs/ffs/ffs_subr.c index b71ebf2a0617..4ffe0412ff69 100644 --- a/sys/ufs/ffs/ffs_subr.c +++ b/sys/ufs/ffs/ffs_subr.c @@ -396,9 +396,6 @@ validate_sblock(struct fs *fs, int flags) FCHK(fs->fs_sblockloc, <, 0, %jd); FCHK(fs->fs_sblockloc, >, SBLOCK_UFS1, %jd); } - FCHK(fs->fs_sbsize, >, SBLOCKSIZE, %jd); - FCHK(fs->fs_sbsize, <, (signed)sizeof(struct fs), %jd); - FCHK(fs->fs_sbsize % fs->fs_fsize, !=, 0, %jd); FCHK(fs->fs_frag, <, 1, %jd); FCHK(fs->fs_frag, >, MAXFRAG, %jd); FCHK(fs->fs_bsize, <, MINBSIZE, %jd); @@ -408,6 +405,9 @@ validate_sblock(struct fs *fs, int flags) FCHK(fs->fs_fsize, <, sectorsize, %jd); FCHK(fs->fs_fsize * fs->fs_frag, !=, fs->fs_bsize, %jd); FCHK(powerof2(fs->fs_fsize), ==, 0, %jd); + FCHK(fs->fs_sbsize, >, SBLOCKSIZE, %jd); + FCHK(fs->fs_sbsize, <, (signed)sizeof(struct fs), %jd); + FCHK(fs->fs_sbsize % fs->fs_fsize, !=, 0, %jd); FCHK(fs->fs_fpg, <, 3 * fs->fs_frag, %jd); FCHK(fs->fs_ncg, <, 1, %jd); FCHK(fs->fs_fsbtodb, !=, ILOG2(fs->fs_fsize / sectorsize), %jd); @@ -482,7 +482,6 @@ validate_sblock(struct fs *fs, int flags) (fs->fs_ipg * fs->fs_ncg) - fs->fs_cstotal.cs_nifree, %jd); FCHK(fs->fs_sbsize, >, SBLOCKSIZE, %jd); FCHK(fs->fs_sbsize, <, (signed)sizeof(struct fs), %jd); - FCHK(fs->fs_sbsize % fs->fs_fsize, !=, 0, %jd); FCHK(fs->fs_maxbsize, <, fs->fs_bsize, %jd); FCHK(powerof2(fs->fs_maxbsize), ==, 0, %jd); FCHK(fs->fs_maxbsize, >, FS_MAXCONTIG * fs->fs_bsize, %jd); @@ -504,6 +503,7 @@ validate_sblock(struct fs *fs, int flags) */ if (error) return (error); + FCHK(fs->fs_sbsize % fs->fs_fsize, !=, 0, %jd); FCHK(fs->fs_ipg % fs->fs_inopb, !=, 0, %jd); FCHK(fs->fs_sblkno, !=, roundup( howmany(fs->fs_sblockloc + SBLOCKSIZE, fs->fs_fsize),