From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 262894] Kernel Panic (page fault) with 13.1-BETA2 in g_eli & httpd
Date: Mon, 18 Apr 2022 21:58:18 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.1-RELEASE
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: mav@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262894

--- Comment #30 from Alexander Motin ---
(In reply to Mark Johnston from comment #28)

While it seems like a good catch on a first look, I doubt it is exploitable. The code uses unmapped I/O only if all boundaries within the ABD except the first and the last are page aligned. The case of "addr & PAGE_MASK is 2048 and len is 4096" can fit into this only if it is the only chunk in ABD, but then it should be a linear buffer, not requiring unmapped I/O. Fitting case of addr & PAGE_MASK is 2048 and len is 6144 should work fine, producing two pages.

Plus TrueNAS for many years uses ashift=12, which means all offsets in RAIDZ and gang blocks should be multiple of 4K and so page-aligned on x86.

But still, just in case, what would you say about this patch:

diff --git a/module/os/freebsd/zfs/vdev_geom.c b/module/os/freebsd/zfs/vdev_geom.c index 2ef4811a8..5447eb922 100644 --- a/module/os/freebsd/zfs/vdev_geom.c +++ b/module/os/freebsd/zfs/vdev_geom.c @@ -1132,8 +1132,12 @@ vdev_geom_fill_unmap_cb(void *buf, size_t len, void *priv) vm_offset_t addr =3D (vm_offset_t)buf; vm_offset_t end =3D addr + len; - if (bp->bio_ma_n =3D=3D 0) + if (bp->bio_ma_n =3D=3D 0) { bp->bio_ma_offset =3D addr & PAGE_MASK; + addr &=3D ~PAGE_MASK; + } else { + ASSERT0(P2PHASE(addr, PAGE_SIZE)); + } do { bp->bio_ma[bp->bio_ma_n++] =3D PHYS_TO_VM_PAGE(pmap_kextract(addr));
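
Review bot: the alignment check in the new `else` branch, `ASSERT0(P2PHASE(addr, PAGE_SIZE))`, is only enforced in debug builds, because OpenZFS `ASSERT*` macros compile out when ZFS_DEBUG is not set. On a production kernel a misaligned non-first chunk would still reach the `do` loop and fill `bp->bio_ma[]` unchecked. If the "all inner boundaries are page aligned" invariant is what keeps this safe, `VERIFY0(...)` would enforce it in every build. A one-line comment on `addr &= ~PAGE_MASK` would also help, stating that the loop now walks from the page base while the in-page offset stays in `bio_ma_offset`.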
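
The two cases discussed in the comment above (offset 2048 with len 4096, and offset 2048 with len 6144), worked through as an added example that is not part of the original mail or of the OpenZFS source. The hunk shows only the first line of the `do` loop, so the loop tail used here (`addr += PAGE_SIZE` while `addr < end`) is an assumption, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u
#define PAGE_MASK ((uintptr_t)PAGE_SIZE - 1)

/* Number of pages the byte range [addr, addr + len) really touches. */
static unsigned pages_spanned(uintptr_t addr, size_t len)
{
    uintptr_t first = addr & ~PAGE_MASK;
    uintptr_t last = (addr + len - 1) & ~PAGE_MASK;
    return (unsigned)((last - first) / PAGE_SIZE) + 1;
}

/*
 * Model of the page-list fill loop: one entry per PAGE_SIZE step until
 * addr reaches end (assumed loop shape, see lead-in). align_first = 1
 * mirrors the patch, which rounds the first chunk's addr down to its
 * page base before the loop starts.
 */
static unsigned pages_recorded(uintptr_t addr, size_t len, int align_first)
{
    uintptr_t end = addr + len;
    unsigned n = 0;

    if (align_first)
        addr &= ~PAGE_MASK;
    do {
        n++;                    /* stands in for bio_ma[bio_ma_n++] = ... */
        addr += PAGE_SIZE;
    } while (addr < end);
    return n;
}

int main(void)
{
    /* Constructed inputs: a page-aligned base plus the offsets from the mail. */
    const uintptr_t base = 0x10000;
    const size_t lens[] = { 4096, 6144 };

    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++) {
        uintptr_t addr = base + 2048;
        printf("off=2048 len=%zu: spans %u, unpatched records %u, patched records %u\n",
            lens[i], pages_spanned(addr, lens[i]),
            pages_recorded(addr, lens[i], 0),
            pages_recorded(addr, lens[i], 1));
    }
    return 0;
}
```

Under that assumed loop, only the first case under-counts without the rounding: the buffer touches two pages but a single entry is recorded.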