From da5825f8edbd35665f1d20d0756fa1af2747487c Mon Sep 17 00:00:00 2001 From: cnst Date: Mon, 30 Sep 2019 23:23:59 +0000 Subject: [PATCH] kern/subr_disk: bounds_check_with_label: really protect against div by zero Solves kernel panic in NetBSD 8.1 amd64 on VirtualBox 6.0.12 r133076. Triggered with an NVMe controller without any actual discs behind it: nvme0 at pci0 dev 14 function 0: vendor 80ee product 4e56 (rev. 0x00) nvme0: NVMe 1.2 nvme0: interrupting at ioapic0 pin 22 nvme0: ORCL-VBOX-NVME-VER12, firmware 1.0, serial VB1234-56789 ld0 at nvme0 nsid 1 ld0: 0, 0 cyl, 16 head, 63 sec, 1 bytes/sect x 0 sectors Code path is reached 4 times during normal boot, each time after wd0a is already mounted; this patch avoids a crash with a dirty filesystem. --- sys/kern/subr_disk.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/kern/subr_disk.c b/sys/kern/subr_disk.c index 1e2a2dafa9a1..06e70d5e60f1 100644 --- a/sys/kern/subr_disk.c +++ b/sys/kern/subr_disk.c @@ -1,4 +1,4 @@ -/* $NetBSD: subr_disk.c,v 1.128 2019/05/22 08:47:02 hannken Exp $ */ +/* $NetBSD: subr_disk.c,v 1.129 2019/09/30 23:23:59 cnst Exp $ */ /*- * Copyright (c) 1996, 1997, 1999, 2000, 2009 The NetBSD Foundation, Inc. @@ -67,7 +67,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: subr_disk.c,v 1.128 2019/05/22 08:47:02 hannken Exp $"); +__KERNEL_RCSID(0, "$NetBSD: subr_disk.c,v 1.129 2019/09/30 23:23:59 cnst Exp $"); #include #include @@ -385,7 +385,7 @@ bounds_check_with_label(struct disk *dk, struct buf *bp, int wlabel) } /* Protect against division by zero. XXX: Should never happen?!?! */ - if (lp->d_secpercyl == 0) { + if ((lp->d_secsize / DEV_BSIZE) == 0 || lp->d_secpercyl == 0) { bp->b_error = EINVAL; return -1; }