[Bug 263853] geom(4): raid/md_jmicron.c: jmicron RAID taste code can panic if conf is garbage
Date: Thu, 19 May 2022 15:07:02 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263853

--- Comment #5 from Mark Johnston <markj@FreeBSD.org> ---

Looks like there are several problems here. First, the tasting code assumes that disk IDs are non-zero, since jmicron_meta_total_disks() terminates its search when an array entry is zero. disk_ids seem to be assigned using arc4random(), so most of the time they'll be non-zero. :) jmicron_meta_find_disk() skips over zeroed entries though, so it's not consistent with total_disks().

I see another bug in the jmicron taste routine, in this line:

    spare = (disk_pos == -2) ? 1 : 0;

It's impossible for disk_pos to equal -2 here, I suspect it should be -3.

I'm not sure how best to fix all of this. Something like this fixes the test case, but I'm sure it's incomplete, and could potentially break existing setups, though I suspect that's unlikely:

diff --git a/sys/geom/raid/md_jmicron.c b/sys/geom/raid/md_jmicron.c index 939e05f78017..faa7b1cbb40e 100644 --- a/sys/geom/raid/md_jmicron.c +++ b/sys/geom/raid/md_jmicron.c @@ -249,6 +249,8 @@ jmicron_meta_find_disk(struct jmicron_raid_conf *meta, uint32_t id) int pos; id &= JMICRON_DISK_MASK; + if (id == 0) + return (-1); for (pos = 0; pos < JMICRON_MAX_DISKS; pos++) { if ((meta->disks[pos] & JMICRON_DISK_MASK) == id) return (pos);

--
You are receiving this mail because: You are on the CC list for the bug.
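
Review bot: the new id == 0 test in jmicron_meta_find_disk() sits after "id &= JMICRON_DISK_MASK;", so it returns -1 for every id whose masked bits are all zero, not only for a literal zero. If that is intended, a short comment above the check saying that a zero entry is treated as the end-of-array marker, to agree with jmicron_meta_total_disks(), would make the reason clear. It is also worth confirming that each caller handles the -1 return. The "spare = (disk_pos == -2) ? 1 : 0;" comparison described in the comment is not touched by this hunk and still needs a separate change.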
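
The inconsistency described in the comment, as an added example that is not part of the original message or the FreeBSD source: a simplified model in which the count stops at the first zero entry while the masked lookup keeps scanning, run on constructed metadata. The struct, the function names, the constant values and the reject_zero switch are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed values for this model; not copied from md_jmicron.c. */
#define MAX_DISKS 8
#define DISK_MASK 0xFFFFFFF0u

struct conf { uint32_t disks[MAX_DISKS]; };	/* constructed stand-in */

/* Counts entries up to the first zero, as the comment describes. */
static int total_disks(const struct conf *m)
{
	int pos;
	for (pos = 0; pos < MAX_DISKS; pos++)
		if (m->disks[pos] == 0)
			break;
	return (pos);
}

/* Masked lookup; reject_zero models the early return in the patch. */
static int find_disk(const struct conf *m, uint32_t id, int reject_zero)
{
	int pos;
	id &= DISK_MASK;
	if (reject_zero && id == 0)
		return (-1);
	for (pos = 0; pos < MAX_DISKS; pos++)
		if ((m->disks[pos] & DISK_MASK) == id)
			return (pos);
	return (-1);
}

/* Assumed invariant: a position is usable only if 0 <= pos < total. */
static int pos_is_consistent(int pos, int total)
{
	return (pos >= 0 && pos < total);
}

int main(void)
{
	/* Constructed metadata: one valid ID followed by zeroed slots. */
	struct conf m = { { 0x12345670u, 0, 0, 0, 0, 0, 0, 0 } };
	int total = total_disks(&m);
	int before = find_disk(&m, 0, 0), after = find_disk(&m, 0, 1);
	printf("total=%d before=%d consistent=%d after=%d\n", total, before,
	    pos_is_consistent(before, total), after);
	return (0);
}
```

Without the early return, a lookup for a zero ID lands on a slot beyond what the count reports; with it, the lookup reports not found and the two functions agree.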