Created attachment 175746
a workaround for the problem
When the G_GATE_CMD_START ioctl requires operations other than BIO_READ / BIO_WRITE, the current implementation of ggatec sometimes stops working because it uses the uninitialized hdr.gh_cmd variable, which confuses ggated.
The patch tries to solve this situation by returning EOPNOTSUPP, like ggatel does.
Maybe BIO_FLUSH and BIO_DELETE should be supported in the ggate protocol by assigning GGATE_CMD_FLUSH and GGATE_CMD_DELETE commands respectively, in the future.
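The failure mode reported above and the EOPNOTSUPP approach of the workaround, as an added C example that is not the ggatec source or the attached patch. The `ex_*` names, the `EX_*` constant values and the header layout are constructed for illustration, and the 0xA5 fill stands in for uninitialized memory so the result is deterministic.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Stand-in values constructed for this example; not FreeBSD's definitions. */
enum ex_bio { EX_BIO_READ = 1, EX_BIO_WRITE, EX_BIO_DELETE, EX_BIO_FLUSH };
enum ex_cmd { EX_CMD_READ = 0, EX_CMD_WRITE = 1 };
#define EX_STALE 0xA5   /* fill byte simulating leftover stack contents */

struct ex_hdr {         /* hypothetical request header sent to the server */
	uint8_t  cmd;
	uint64_t offset;
	uint32_t length;
};

/* Before: no default case, so hdr->cmd keeps whatever was there. */
static int build_unchecked(struct ex_hdr *hdr, int bio_cmd, uint64_t off, uint32_t len)
{
	switch (bio_cmd) {
	case EX_BIO_READ:  hdr->cmd = EX_CMD_READ;  break;
	case EX_BIO_WRITE: hdr->cmd = EX_CMD_WRITE; break;
	}
	hdr->offset = off; hdr->length = len;
	return (0);
}

/* After: zero the header and refuse anything that is not read/write. */
static int build_checked(struct ex_hdr *hdr, int bio_cmd, uint64_t off, uint32_t len)
{
	memset(hdr, 0, sizeof(*hdr));
	switch (bio_cmd) {
	case EX_BIO_READ:  hdr->cmd = EX_CMD_READ;  break;
	case EX_BIO_WRITE: hdr->cmd = EX_CMD_WRITE; break;
	default:
		return (EOPNOTSUPP);	/* caller reports the error, sends nothing */
	}
	hdr->offset = off; hdr->length = len;
	return (0);
}

/* Command byte that would go on the wire for bio_cmd, or -errno if refused. */
static int wire_cmd(int checked, int bio_cmd)
{
	struct ex_hdr hdr;
	memset(&hdr, EX_STALE, sizeof(hdr));	/* deterministic "garbage" */
	int error = (checked ? build_checked : build_unchecked)(&hdr, bio_cmd, 0, 512);
	return (error != 0 ? -error : hdr.cmd);
}

int main(void) { return (wire_cmd(1, EX_BIO_FLUSH) == -EOPNOTSUPP ? 0 : 1); }
```

With the unchecked builder, a flush or delete request goes out carrying the stale byte as its command; the checked builder never produces a header for those operations.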
Your patch inspired mine: https://reviews.freebsd.org/D31318
Fixed with https://cgit.freebsd.org/src/commit/?id=91a8bed5a49eb2d1e4e096a4c68c108cebec8818
A commit in branch main references this bug:
Author: Alan Somers <asomers@FreeBSD.org>
AuthorDate: 2021-08-27 20:40:05 +0000
Commit: Alan Somers <asomers@FreeBSD.org>
CommitDate: 2021-08-27 20:52:45 +0000
Add a regression test for ggatec remote code execution
Tests that ggatec appropriately handles unsupported BIO operations,
rather than overflowing a buffer.
Submitted by: Johannes Bruelltuete <firstname.lastname@example.org>
Reviewed by: asomers
Differential Revision: https://reviews.freebsd.org/D31318
tests/sys/geom/class/gate/ggate_test.sh | 34 +++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)