d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Another attempt to fix issue with the DIOCGDELETE ioctl(2) not

Browse Source 
handling slightly out-of-bound requests properly (r340187).
Perform range check here rather then rely on g_delete_data() to DTRT.

The g_delete_data() would always return success for requests
starting just the next byte after providers media boundary.

MFC after:	4 weeks
This commit is contained in:
Maxim Sobolev 2018-12-04 21:48:56 +00:00
parent 7dc61ac11f
commit 9dcafe16d4
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
sys/geom/geom_dev.c
View File

@ -583,6 +583,20 @@ g_dev_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int fflag, struct thread
error = EINVAL; error = EINVAL;
break; break;
} }
if ((cp->provider->mediasize > 0) &&
(offset >= cp->provider->mediasize)) {
/*
* Catch out-of-bounds requests here. The problem is
* that due to historical GEOM I/O implementation
* peculatities, g_delete_data() would always return
* success for requests starting just the next byte
* after providers media boundary. Condition check on
* non-zero media size, since that condition would
* (most likely) cause ENXIO instead.
*/
error = EIO;
break;
}
while (length > 0) { while (length > 0) {
chunk = length; chunk = length;
if (g_dev_del_max_sectors != 0 && chunk > if (g_dev_del_max_sectors != 0 && chunk >