CVS commit: [netbsd-8] src/sys/kern

Fri, 01 Nov 2019 02:29:58 -0700 

Module Name:    src
Committed By:   martin
Date:           Fri Nov  1 09:29:25 UTC 2019

Modified Files:
        src/sys/kern [netbsd-8]: subr_disk.c

Log Message:
Pull up following revision(s) (requested by cnst in ticket #1397):

        sys/kern/subr_disk.c: revision 1.129

kern/subr_disk: bounds_check_with_label: really protect against div by zero

Solves kernel panic in NetBSD 8.1 amd64 on VirtualBox 6.0.12 r133076.

Triggered with an NVMe controller without any actual discs behind it:

nvme0 at pci0 dev 14 function 0: vendor 80ee product 4e56 (rev. 0x00)
nvme0: NVMe 1.2
nvme0: interrupting at ioapic0 pin 22
nvme0: ORCL-VBOX-NVME-VER12, firmware 1.0, serial VB1234-56789
ld0 at nvme0 nsid 1
ld0: 0, 0 cyl, 16 head, 63 sec, 1 bytes/sect x 0 sectors

Code path is reached 4 times during normal boot, each time after wd0a
is already mounted; this patch avoids a crash with a dirty filesystem.


To generate a diff of this commit:
cvs rdiff -u -r1.119.2.1 -r1.119.2.2 src/sys/kern/subr_disk.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/kern/subr_disk.c
diff -u src/sys/kern/subr_disk.c:1.119.2.1 src/sys/kern/subr_disk.c:1.119.2.2
--- src/sys/kern/subr_disk.c:1.119.2.1	Fri Apr  5 08:40:19 2019
+++ src/sys/kern/subr_disk.c	Fri Nov  1 09:29:25 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: subr_disk.c,v 1.119.2.1 2019/04/05 08:40:19 msaitoh Exp $	*/
+/*	$NetBSD: subr_disk.c,v 1.119.2.2 2019/11/01 09:29:25 martin Exp $	*/
 
 /*-
  * Copyright (c) 1996, 1997, 1999, 2000, 2009 The NetBSD Foundation, Inc.
@@ -67,7 +67,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_disk.c,v 1.119.2.1 2019/04/05 08:40:19 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_disk.c,v 1.119.2.2 2019/11/01 09:29:25 martin Exp $");
 
 #include <sys/param.h>
 #include <sys/kernel.h>
@@ -374,7 +374,7 @@ bounds_check_with_label(struct disk *dk,
 	}
 
 	/* Protect against division by zero. XXX: Should never happen?!?! */
-	if (lp->d_secpercyl == 0) {
+	if ((lp->d_secsize / DEV_BSIZE) == 0 || lp->d_secpercyl == 0) {
 		bp->b_error = EINVAL;
 		return -1;
 	}

Reply via email to