system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-22 10:48:02 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

g_raid concat: Fail requests to read beyond the end of the volume

Browse source 
Previously a debug kernel would trigger an assertion failure if an I/O
request attempted to read off the end of a concat volume, but a
non-debug kernel would use an invalid sub-disk to try to complete the
request eventually resulting in some sort of fault in the kernel.

Instead, turn the assertions into explicit checks that fail requests
beyond the end of the volume with EIO.  For requests which run over
the end of the volume, return a short request.

PR:		257838
Reported by:	Robert Morris <rtm@lcs.mit.edu>
Reviewed by:	emaste
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D41222
This commit is contained in:
John Baldwin 2023-08-04 16:41:05 -07:00
parent c70e615051
commit 4c89c0127d
1 changed files with 11 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
sys/geom/raid/tr_concat.c
View file

@ -240,8 +240,10 @@ g_raid_tr_iostart_concat(struct g_raid_tr_object *tr, struct bio *bp)
offset -= vol->v_subdisks[no].sd_size;
no++;
}
KASSERT(no < vol->v_disks_count,
("Request starts after volume end (%ju)", bp->bio_offset));
if (no >= vol->v_disks_count) {
g_raid_iodone(bp, EIO);
return;
}
bioq_init(&queue);
do {
sd = &vol->v_subdisks[no];
@ -267,10 +269,8 @@ g_raid_tr_iostart_concat(struct g_raid_tr_object *tr, struct bio *bp)
addr += length;
offset = 0;
no++;
KASSERT(no < vol->v_disks_count || remain == 0,
("Request ends after volume end (%ju, %ju)",
bp->bio_offset, bp->bio_length));
} while (remain > 0);
} while (remain > 0 && no < vol->v_disks_count);
bp->bio_completed = bp->bio_length - remain;
while ((cbp = bioq_takefirst(&queue)) != NULL) {
sd = cbp->bio_caller1;
cbp->bio_caller1 = NULL;
@ -308,8 +308,8 @@ g_raid_tr_kerneldump_concat(struct g_raid_tr_object *tr, void *virtual,
offset -= vol->v_subdisks[no].sd_size;
no++;
}
KASSERT(no < vol->v_disks_count,
("Request starts after volume end (%ju)", boffset));
if (no >= vol->v_disks_count)
return (EIO);
do {
sd = &vol->v_subdisks[no];
length = MIN(sd->sd_size - offset, remain);
@ -321,10 +321,9 @@ g_raid_tr_kerneldump_concat(struct g_raid_tr_object *tr, void *virtual,
addr += length;
offset = 0;
no++;
KASSERT(no < vol->v_disks_count || remain == 0,
("Request ends after volume end (%ju, %zu)",
boffset, blength));
} while (remain > 0);
} while (remain > 0 && no < vol->v_disks_count);
if (remain > 0)
return (EIO);
return (0);
}
@ -340,7 +339,6 @@ g_raid_tr_iodone_concat(struct g_raid_tr_object *tr,
g_destroy_bio(bp);
pbp->bio_inbed++;
if (pbp->bio_children == pbp->bio_inbed) {
pbp->bio_completed = pbp->bio_length;
g_raid_iodone(pbp, pbp->bio_error);
}
}