[Bug 199476] [patch] panic when geom_uncompress tastes large filesystems
bugzilla-noreply at freebsd.org
Thu Apr 16 01:51:34 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199476
Bug ID: 199476
Summary: [patch] panic when geom_uncompress tastes large filesystems
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: New
Keywords: patch
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: kwhite at site.uottawa.ca
Created attachment 155638
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=155638&action=edit
patch to fix panic when tasting large compressed filesystems
geom_uncompress reads the header and all block offsets with a single
g_read_data() request. This will fail (panic) if the total data
requested is greater than MAXPHYS, i.e. when the total number of
block offsets approaches MAXPHYS / sizeof(uint64). The attached
patch changes the method of getting the block offsets to be the
same as that used by geom_uzip: sector by sector.
Patch attached.
Typical panic (please excuse transcription errors):
# kldload geom_uncompress
md0.uncompress: GEOM_UZIP image found
panic: g_read_data(): invalid length 290816
cpuid = 1
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00932a59c0
vpanic() at vpanic+0x189/frame 0xfffffe00932a5a40
kassert_panic() at kassert_panic+0x132/frame 0xffffe00932a5ab0
g_read_data() at g_read_data+0x45/frame 0xffffe00932a5af0
g_uncompress_taste() at g_uncompress_taste_0x30d/frame 0xfffffe00932a5b40
g_load_class() at g_load_class+0x1cc/frame 0xfffffe00932a5b70
g_run_events() at g_run_events_0x1a7/frame 0xfffffe00932a5bb0
fork_exit() at fork_exit+0x84/frame 0xfffffe00932a5bf0
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00932a5bf0
--- trap 0, rip = 0, rsp = 0xfffffe00932a5cb0, rbp = 0 ---
KDB: enter: panic
[ thread pid 13 tid 100013 ]
Stopped at kdb_enter+0x3e: movq $0,kdb_why
db>
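Added example, not part of the report and not the attached patch: a userland C model of the failure described above, where one request covering the header and every block offset exceeds the per-request limit while sector-sized requests do not. MODEL_MAXPHYS, SECTOR, HDR, model_read(), load_offsets() and demo() are assumptions made for the model, the image bytes are constructed, and offsets are copied as raw bytes without byte-order conversion.

```c
/* Userland model with constructed data; not the attached patch or kernel code. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define MODEL_MAXPHYS (128 * 1024) /* assumed per-request limit */
#define SECTOR 512                 /* assumed sector size */
#define HDR 136                    /* assumed header size in bytes */

/* Stand-in for g_read_data(): NULL where the kernel would panic or fail. */
static const uint8_t *model_read(const uint8_t *img, size_t imgsz, size_t off, size_t len)
{
    if (len == 0 || len > MODEL_MAXPHYS || off > imgsz || len > imgsz - off)
        return NULL;
    return img + off;
}

/* Copy n 8-byte offsets that follow the header, using requests of req bytes. */
static int load_offsets(const uint8_t *img, size_t imgsz, uint32_t n, size_t req, uint8_t *out)
{
    size_t pos = HDR, end = HDR + (size_t)n * 8;
    while (pos < end) {
        size_t start = pos - pos % req;            /* request containing pos */
        const uint8_t *buf = model_read(img, imgsz, start, req);
        if (buf == NULL)
            return -1;
        size_t take = start + req - pos;           /* bytes left in this request */
        if (take > end - pos) take = end - pos;
        memcpy(out + (pos - HDR), buf + (pos - start), take);
        pos += take;
    }
    return 0;
}

/* Bit 0: one request for the whole table worked. Bit 1: per-sector worked. */
int demo(uint32_t n)
{
    size_t imgsz = (HDR + (size_t)n * 8 + SECTOR - 1) / SECTOR * SECTOR;
    uint8_t *img = malloc(imgsz), *out = malloc((size_t)n * 8);
    int r = 0;
    if (img == NULL || out == NULL) { free(img); free(out); return -1; }
    for (size_t i = 0; i < imgsz; i++)
        img[i] = (uint8_t)(i * 31 + 7);            /* constructed filler bytes */
    if (load_offsets(img, imgsz, n, imgsz, out) == 0) r |= 1;
    memset(out, 0, (size_t)n * 8);
    if (load_offsets(img, imgsz, n, SECTOR, out) == 0 &&
        memcmp(out, img + HDR, (size_t)n * 8) == 0)
        r |= 2;
    free(img); free(out);
    return r;
}
```

With the assumed 136-byte header, demo(36335) makes the single request 290816 bytes, the length shown in the panic message, and only the per-sector path succeeds.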