From a7ea4e0a0bb8bbac90652f9ff777c76cd5fcfb34 Mon Sep 17 00:00:00 2001 From: Joel Sing Date: Wed, 28 Dec 2011 16:02:46 +0000 Subject: Avoid the use of an invalid disklabel by setting a DK_LABELVALID flag if we correctly read and validated the disklabel. Always check that this flag is set before using the DUID from the disklabel. Discussed with deraadt@ ok krw@ --- sys/kern/subr_disk.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'sys/kern') diff --git a/sys/kern/subr_disk.c b/sys/kern/subr_disk.c index ae347fff99d..35664552ebc 100644 --- a/sys/kern/subr_disk.c +++ b/sys/kern/subr_disk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: subr_disk.c,v 1.134 2011/12/28 14:34:13 jsing Exp $ */ +/* $OpenBSD: subr_disk.c,v 1.135 2011/12/28 16:02:45 jsing Exp $ */ /* $NetBSD: subr_disk.c,v 1.17 1996/03/16 23:17:08 christos Exp $ */ /* @@ -866,17 +866,21 @@ disk_attach_callback(void *arg1, void *arg2) if (dk->dk_devno == dev) break; } - if (dk == NULL || (dk->dk_flags & (DKF_OPENED | DKF_NOLABELREAD))) + if (dk == NULL || (dk->dk_flags & (DKF_OPENED | DKF_NOLABELREAD))) { + wakeup(dk); return; + } /* XXX: Assumes dk is part of the device softc. */ device_ref(dk->dk_device); /* Read disklabel. */ - disk_readlabel(&dl, dev, errbuf, sizeof(errbuf)); + if (disk_readlabel(&dl, dev, errbuf, sizeof(errbuf)) == NULL) + dk->dk_flags |= DKF_LABELVALID; dk->dk_flags |= DKF_OPENED; device_unref(dk->dk_device); + wakeup(dk); } /* @@ -1265,7 +1269,8 @@ gotswap: bzero(&duid, sizeof(duid)); if (bcmp(rootduid, &duid, sizeof(rootduid)) != 0) { TAILQ_FOREACH(dk, &disklist, dk_link) - if (dk->dk_label && bcmp(dk->dk_label->d_uid, + if ((dk->dk_flags & DKF_LABELVALID) && + dk->dk_label && bcmp(dk->dk_label->d_uid, &rootduid, sizeof(rootduid)) == 0) break; if (dk == NULL) @@ -1497,7 +1502,8 @@ disk_map(char *path, char *mappath, int size, int flags) mdk = NULL; TAILQ_FOREACH(dk, &disklist, dk_link) { - if (dk->dk_label && bcmp(dk->dk_label->d_uid, uid, + if ((dk->dk_flags & DKF_LABELVALID) && dk->dk_label && + bcmp(dk->dk_label->d_uid, uid, sizeof(dk->dk_label->d_uid)) == 0) { /* Fail if there are duplicate UIDs! */ if (mdk != NULL) -- cgit v1.2.3