From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1l1yuH-0005Ct-4f for mharc-grub-devel@gnu.org; Tue, 19 Jan 2021 16:51:21 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:45626) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1l1yuD-0005Bb-EN for grub-devel@gnu.org; Tue, 19 Jan 2021 16:51:18 -0500 Received: from mx2.suse.de ([195.135.220.15]:40228) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1l1yuB-0002j1-Fb for grub-devel@gnu.org; Tue, 19 Jan 2021 16:51:17 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 584FBAB9F for ; Tue, 19 Jan 2021 21:51:12 +0000 (UTC) Date: Tue, 19 Jan 2021 22:51:10 +0100 From: Petr Vorel To: The development of GNU GRUB Subject: Re: [PATCH] Fix potential truncation of mdraid device list Message-ID: Reply-To: Petr Vorel References: <20210116110405.GA4996@outflux.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210116110405.GA4996@outflux.net> Received-SPF: pass client-ip=195.135.220.15; envelope-from=pvorel@suse.cz; helo=mx2.suse.de X-Spam_score_int: -41 X-Spam_score: -4.2 X-Spam_bar: ---- X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jan 2021 21:51:18 -0000 Hi, > The consumer of grub_util_raid_getmembers() expects a NULL terminated list > of device names. It has no idea about how many devices are registered in > the array; it only cares about active devices. As a result, there cannot > be gaps in the list, otherwise the first listed inactive device will cause > all remaining devices to effectively vanish. This is especially > troublesome if a root filesystem were on an array with the first device > being a hot spare: the array would appear to have no disks and the root > filesystem would become invisible to grub. > Fixes: 49de079bbe1c ("... (grub_util_raid_getmembers): Handle "removed" disks") > Fixes: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1912043 > Fixes: https://savannah.gnu.org/bugs/index.php?59887 > Signed-off-by: Kees Cook Reviewed-by: Petr Vorel Kind regards, Petr > Index: grub2-2.04/grub-core/osdep/linux/getroot.c > =================================================================== > --- grub2-2.04.orig/grub-core/osdep/linux/getroot.c > +++ grub2-2.04/grub-core/osdep/linux/getroot.c > @@ -170,21 +170,21 @@ grub_util_raid_getmembers (const char *n > devicelist = xcalloc (info.nr_disks + 1, sizeof (char *)); > - for (i = 0, j = 0; j < info.nr_disks; i++) > + for (i = 0, j = 0; i < info.nr_disks; i++) > { > disk.number = i; > ret = ioctl (fd, GET_DISK_INFO, &disk); > if (ret != 0) > grub_util_error (_("ioctl GET_DISK_INFO error: %s"), strerror (errno)); > - > + > if (disk.state & (1 << MD_DISK_REMOVED)) > continue; > - if (disk.state & (1 << MD_DISK_ACTIVE)) > - devicelist[j] = grub_find_device (NULL, > - makedev (disk.major, disk.minor)); > - else > - devicelist[j] = NULL; > + if (!(disk.state & (1 << MD_DISK_ACTIVE))) > + continue; > + > + devicelist[j] = grub_find_device (NULL, > + makedev (disk.major, disk.minor)); > j++; > }