FreeBSD: Fix translation from ABD to physical pages
In the hypothetical case of a non-linear ABD with a single segment, a multiple
of the page size but not aligned to it, vdev_geom_fill_unmap_cb() could
fill one page less into the bio_ma array.

I am not sure it is exploitable, but better to be safe than sorry.

Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Ryan Moeller <[email protected]>
Reported-by: Mark Johnston <[email protected]>
Signed-off-by: Alexander Motin <[email protected]>
Closes #13345
amotin authored Apr 20, 2022
1 parent e37e7dd commit 9209ea6
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion module/os/freebsd/zfs/vdev_geom.c
Expand Up @@ -1131,8 +1131,12 @@ vdev_geom_fill_unmap_cb(void *buf, size_t len, void *priv)
vm_offset_t addr = (vm_offset_t)buf;
vm_offset_t end = addr + len;

if (bp->bio_ma_n == 0)
if (bp->bio_ma_n == 0) {
bp->bio_ma_offset = addr & PAGE_MASK;
addr &= ~PAGE_MASK;
} else {
ASSERT0(P2PHASE(addr, PAGE_SIZE));
}
do {
bp->bio_ma[bp->bio_ma_n++] =
PHYS_TO_VM_PAGE(pmap_kextract(addr));
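Review bot: In the new else branch, the requirement that every segment after the first starts on a page boundary is checked only with ASSERT0(P2PHASE(addr, PAGE_SIZE)), which is compiled out of non-debug builds, so in production a misaligned later segment would still be walked from an unaligned address without any signal. Consider VERIFY0 if the invariant should always be enforced, or add a comment naming what guarantees the alignment. A short comment above `addr &= ~PAGE_MASK;` would also help: the reason for starting the walk at the page boundary (so that a segment with a non-zero bio_ma_offset still contributes its last page to bio_ma) is currently recorded only in the commit message.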