From 1649f1572fc22ec9708f6f62c0fff2b55ac40096 Mon Sep 17 00:00:00 2001 From: glebius Date: Tue, 25 Oct 2016 16:50:10 +0000 Subject: EN-16:18: loader may hang during boot A programming error in GELIBoot causes the loader to attempt to read past the end of the disk if the size of the final partition is not a multiple of 4 kB. Merge r306834 from stable/11. Approved by: so --- sys/boot/geli/geliboot.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/sys/boot/geli/geliboot.c b/sys/boot/geli/geliboot.c index 10df707..f9a128c 100644 --- a/sys/boot/geli/geliboot.c +++ b/sys/boot/geli/geliboot.c @@ -77,17 +77,25 @@ geli_taste(int read_func(void *vdev, void *priv, off_t off, void *buf, int error; off_t alignsector; - alignsector = (lastsector * DEV_BSIZE) & - ~(off_t)(DEV_GELIBOOT_BSIZE - 1); + alignsector = rounddown2(lastsector * DEV_BSIZE, DEV_GELIBOOT_BSIZE); + if (alignsector + DEV_GELIBOOT_BSIZE > ((lastsector + 1) * DEV_BSIZE)) { + /* Don't read past the end of the disk */ + alignsector = (lastsector * DEV_BSIZE) + DEV_BSIZE + - DEV_GELIBOOT_BSIZE; + } error = read_func(NULL, dskp, alignsector, &buf, DEV_GELIBOOT_BSIZE); if (error != 0) { return (error); } - /* Extract the last DEV_BSIZE bytes from the block. */ - error = eli_metadata_decode(buf + (DEV_GELIBOOT_BSIZE - DEV_BSIZE), - &md); + /* Extract the last 4k sector of the disk. */ + error = eli_metadata_decode(buf, &md); if (error != 0) { - return (error); + /* Try the last 512 byte sector instead. */ + error = eli_metadata_decode(buf + + (DEV_GELIBOOT_BSIZE - DEV_BSIZE), &md); + if (error != 0) { + return (error); + } } if (!(md.md_flags & G_ELI_FLAG_GELIBOOT)) { -- cgit v1.1