Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/kern kern/subr_disk: bounds_check_with_label: really pro...



details:   https://anonhg.NetBSD.org/src/rev/8ff0ac8c41b3
branches:  trunk
changeset: 1003791:8ff0ac8c41b3
user:      cnst <cnst%NetBSD.org@localhost>
date:      Mon Sep 30 23:23:59 2019 +0000

description:
kern/subr_disk: bounds_check_with_label: really protect against div by zero

Solves kernel panic in NetBSD 8.1 amd64 on VirtualBox 6.0.12 r133076.

Triggered with an NVMe controller without any actual discs behind it:

nvme0 at pci0 dev 14 function 0: vendor 80ee product 4e56 (rev. 0x00)
nvme0: NVMe 1.2
nvme0: interrupting at ioapic0 pin 22
nvme0: ORCL-VBOX-NVME-VER12, firmware 1.0, serial VB1234-56789
ld0 at nvme0 nsid 1
ld0: 0, 0 cyl, 16 head, 63 sec, 1 bytes/sect x 0 sectors

Code path is reached 4 times during normal boot, each time after wd0a
is already mounted; this patch avoids a crash with a dirty filesystem.

diffstat:

 sys/kern/subr_disk.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (27 lines):

diff -r 0073794a742e -r 8ff0ac8c41b3 sys/kern/subr_disk.c
--- a/sys/kern/subr_disk.c      Mon Sep 30 22:04:33 2019 +0000
+++ b/sys/kern/subr_disk.c      Mon Sep 30 23:23:59 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: subr_disk.c,v 1.128 2019/05/22 08:47:02 hannken Exp $  */
+/*     $NetBSD: subr_disk.c,v 1.129 2019/09/30 23:23:59 cnst Exp $     */
 
 /*-
  * Copyright (c) 1996, 1997, 1999, 2000, 2009 The NetBSD Foundation, Inc.
@@ -67,7 +67,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_disk.c,v 1.128 2019/05/22 08:47:02 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_disk.c,v 1.129 2019/09/30 23:23:59 cnst Exp $");
 
 #include <sys/param.h>
 #include <sys/kernel.h>
@@ -385,7 +385,7 @@
        }
 
        /* Protect against division by zero. XXX: Should never happen?!?! */
-       if (lp->d_secpercyl == 0) {
+       if ((lp->d_secsize / DEV_BSIZE) == 0 || lp->d_secpercyl == 0) {
                bp->b_error = EINVAL;
                return -1;
        }



Home | Main Index | Thread Index | Old Index