svn commit: r344307 - head/sys/geom

Mark Johnston markj at FreeBSD.org
Tue Feb 19 21:33:03 UTC 2019 

Author: markj
Date: Tue Feb 19 21:33:02 2019
New Revision: 344307
URL: https://svnweb.freebsd.org/changeset/base/344307

Log:
  Limit the number of entries allocated for a REPORT_ZONES command.
  
  The DIOCGETZONE ioctl can be used to fetch the zone list of an SMR
  drive, and the caller specifies the number of entries it wants to fetch.
  Clamp the caller's request to a sane limit so that a user cannot attempt
  large allocations. Callers already need to invoke the ioctl multiple
  times to fetch the full list in general, so there's no harm in limiting
  the number of entries returned.
  
  Fix style while here.
  
  admbug:		807
  Reported by:	Ilja Van Sprundel <ivansprundel at ioactive.com>
  Reviewed by:	asomers, ken
  Tested by:	ken
  MFC after:	1 week
  Sponsored by:	The FreeBSD Foundation
  Differential Revision:	https://reviews.freebsd.org/D19249

Modified:
  head/sys/geom/geom_dev.c

Modified: head/sys/geom/geom_dev.c
==============================================================================
--- head/sys/geom/geom_dev.c	Tue Feb 19 21:27:30 2019	(r344306)
+++ head/sys/geom/geom_dev.c	Tue Feb 19 21:33:02 2019	(r344307)
@@ -677,8 +677,10 @@ g_dev_ioctl(struct cdev *dev, u_long cmd, caddr_t data
 		alloc_size = 0;
 
 		if (zone_args->zone_cmd == DISK_ZONE_REPORT_ZONES) {
-
 			rep = &zone_args->zone_params.report;
+#define	MAXENTRIES	(MAXPHYS / sizeof(struct disk_zone_rep_entry))
+			if (rep->entries_allocated > MAXENTRIES)
+				rep->entries_allocated = MAXENTRIES;
 			alloc_size = rep->entries_allocated *
 			    sizeof(struct disk_zone_rep_entry);
 			if (alloc_size != 0)
@@ -688,15 +690,11 @@ g_dev_ioctl(struct cdev *dev, u_long cmd, caddr_t data
 			rep->entries = new_entries;
 		}
 		error = g_io_zonecmd(zone_args, cp);
-		if ((zone_args->zone_cmd == DISK_ZONE_REPORT_ZONES)
-		 && (alloc_size != 0)
-		 && (error == 0)) {
+		if (zone_args->zone_cmd == DISK_ZONE_REPORT_ZONES &&
+		    alloc_size != 0 && error == 0)
 			error = copyout(new_entries, old_entries, alloc_size);
-		}
-		if ((old_entries != NULL)
-		 && (rep != NULL))
+		if (old_entries != NULL && rep != NULL)
 			rep->entries = old_entries;
-
 		if (new_entries != NULL)
 			g_free(new_entries);
 		break;

More information about the svn-src-all mailing list