git: ad1f936ab7e4 - main - Reject providers with too small a size for metadata

From: Warner Losh <imp_at_FreeBSD.org>
Date: Sun, 20 Apr 2025 19:30:58 UTC
The branch main has been updated by imp:

URL: https://cgit.FreeBSD.org/src/commit/?id=ad1f936ab7e497926e46079de8df7407ab123213

commit ad1f936ab7e497926e46079de8df7407ab123213
Author:     Rose <gfunni234@gmail.com>
AuthorDate: 2025-04-16 22:35:20 +0000
Commit:     Warner Losh <imp@FreeBSD.org>
CommitDate: 2025-04-20 19:30:41 +0000

    Reject providers with too small a size for metadata
    
    Otherwise, if a misbehaving device claims a sectorsize smaller than 256, the
    memcpy will overflow the allocated buffer, since sizeof(*meta) is 256.
    
    Signed-off-by: Rose <gfunni234@gmail.com>
    Reviewed by: imp
    Pull Request: https://github.com/freebsd/freebsd-src/pull/1668
---
 sys/geom/raid/md_sii.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sys/geom/raid/md_sii.c b/sys/geom/raid/md_sii.c
index a340e8e49846..7019d48f42b4 100644
--- a/sys/geom/raid/md_sii.c
+++ b/sys/geom/raid/md_sii.c
@@ -921,6 +921,13 @@ g_raid_md_taste_sii(struct g_raid_md_object *md, struct g_class *mp,
 	mdi = (struct g_raid_md_sii_object *)md;
 	pp = cp->provider;
 
+	/* Explicitly reject providers with too small sector size */
+	if (pp->sectorsize < sizeof(struct sii_raid_conf)) {
+		G_RAID_DEBUG(1, "SiI sector size too small on %s: %u < %zu",
+		    pp->name, pp->sectorsize, sizeof(struct sii_raid_conf));
+		return (G_RAID_MD_TASTE_FAIL);
+	}
+
 	/* Read metadata from device. */
 	meta = NULL;
 	g_topology_unlock();
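Review bot: the new sector-size check at the top of g_raid_md_taste_sii() sits apart from the code it protects. The commit message places the overflow in a memcpy of sizeof(*meta) bytes into the allocated buffer, and that copy is not in this hunk, so the invariant is enforced only on the taste path, before the "Read metadata from device." step. Consider repeating the comparison, or adding a KASSERT that pp->sectorsize >= sizeof(*meta), next to the memcpy in the metadata read routine so a future caller is covered as well. Two smaller points on the added comment: it would help to say why the size matters (the SiI metadata structure has to fit in one sector), and it lacks the trailing period that the neighbouring "Read metadata from device." comment has.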