Zero pad bytes following TX_WRITE log data

When logging a TX_WRITE record in the case where file data has to be
copied from the DMU, we pad the log record size to a multiple of 8
bytes.  In this case, any padding bytes should be zeroed, otherwise the
contents of uninitialized memory are written to the ZIL.

This was found using KMSAN.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Mark Johnston <markj@FreeBSD.org>
Closes #12383
This commit is contained in:
Mark Johnston 2021-07-16 10:05:28 -04:00 committed by Brian Behlendorf
parent 58714c2817
commit 3a185275a0

View File

@ -1619,7 +1619,7 @@ zil_lwb_commit(zilog_t *zilog, itx_t *itx, lwb_t *lwb)
lr_t *lrcb, *lrc; lr_t *lrcb, *lrc;
lr_write_t *lrwb, *lrw; lr_write_t *lrwb, *lrw;
char *lr_buf; char *lr_buf;
uint64_t dlen, dnow, lwb_sp, reclen, txg, max_log_data; uint64_t dlen, dnow, dpad, lwb_sp, reclen, txg, max_log_data;
ASSERT(MUTEX_HELD(&zilog->zl_issuer_lock)); ASSERT(MUTEX_HELD(&zilog->zl_issuer_lock));
ASSERT3P(lwb, !=, NULL); ASSERT3P(lwb, !=, NULL);
@ -1653,8 +1653,9 @@ zil_lwb_commit(zilog_t *zilog, itx_t *itx, lwb_t *lwb)
if (lrc->lrc_txtype == TX_WRITE && itx->itx_wr_state == WR_NEED_COPY) { if (lrc->lrc_txtype == TX_WRITE && itx->itx_wr_state == WR_NEED_COPY) {
dlen = P2ROUNDUP_TYPED( dlen = P2ROUNDUP_TYPED(
lrw->lr_length, sizeof (uint64_t), uint64_t); lrw->lr_length, sizeof (uint64_t), uint64_t);
dpad = dlen - lrw->lr_length;
} else { } else {
dlen = 0; dlen = dpad = 0;
} }
reclen = lrc->lrc_reclen; reclen = lrc->lrc_reclen;
zilog->zl_cur_used += (reclen + dlen); zilog->zl_cur_used += (reclen + dlen);
@ -1748,6 +1749,9 @@ cont:
error = zilog->zl_get_data(itx->itx_private, error = zilog->zl_get_data(itx->itx_private,
itx->itx_gen, lrwb, dbuf, lwb, itx->itx_gen, lrwb, dbuf, lwb,
lwb->lwb_write_zio); lwb->lwb_write_zio);
if (dbuf != NULL && error == 0 && dnow == dlen)
/* Zero any padding bytes in the last block. */
bzero((char *)dbuf + lrwb->lr_length, dpad);
if (error == EIO) { if (error == EIO) {
txg_wait_synced(zilog->zl_dmu_pool, txg); txg_wait_synced(zilog->zl_dmu_pool, txg);