Another attempt to fix issue with the DIOCGDELETE ioctl(2) not

handling slightly out-of-bound requests properly (r340187). Perform range check here rather then rely on g_delete_data() to DTRT. The g_delete_data() would always return success for requests starting just the next byte after providers media boundary. MFC after: 4 weeks
svn path=/head/; revision=341494
2018-12-04 21:48:56 +00:00 · 2018-12-04 21:48:56 +00:00 · 9dcafe16d4 · 2020-12-20 02:59:44 +00:00
commit 9dcafe16d4
parent 7dc61ac11f
1 changed files with 14 additions and 0 deletions
--- a/sys/geom/geom_dev.c
+++ b/sys/geom/geom_dev.c
@ -583,6 +583,20 @@ g_dev_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int fflag, struct thread
 			error = EINVAL;
 			break;
 		}
+		if ((cp->provider->mediasize > 0) &&
+		    (offset >= cp->provider->mediasize)) {
+			/*
+			 * Catch out-of-bounds requests here. The problem is
+			 * that due to historical GEOM I/O implementation
+			 * peculatities, g_delete_data() would always return
+			 * success for requests starting just the next byte
+			 * after providers media boundary. Condition check on
+			 * non-zero media size, since that condition would
+			 * (most likely) cause ENXIO instead.
+			 */
+			error = EIO;
+			break;
+		}
 		while (length > 0) {
 			chunk = length;
 			if (g_dev_del_max_sectors != 0 && chunk >