mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2024-11-17 10:01:01 +03:00
72540ea314
Unit testing at ClusterHQ found that passing an invalid file handle to zfs_ioc_hold results in a NULL pointer dereference on a system without assertions: IP: [<ffffffffa0218aa0>] zfsdev_getminor+0x10/0x20 [zfs] Call Trace: [<ffffffffa021b4b0>] zfs_onexit_fd_hold+0x20/0x40 [zfs] [<ffffffffa0214043>] zfs_ioc_hold+0x93/0xd0 [zfs] [<ffffffffa0215890>] zfsdev_ioctl+0x200/0x500 [zfs] An assertion would have caught this had they been enabled, but this is something that the kernel module should handle without failing. We resolve this by searching the linked list to ensure that the file handle's private_data points to a valid zfsdev_state_t. Signed-off-by: Richard Yao <ryao@gentoo.org> Signed-off-by: Andriy Gapon <avg@FreeBSD.org> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Closes #3506 |
||
|---|---|---|
| .. | ||
| linux | ||
| sys | ||
| libnvpair.h | ||
| libuutil_common.h | ||
| libuutil_impl.h | ||
| libuutil.h | ||
| libzfs_core.h | ||
| libzfs_impl.h | ||
| libzfs.h | ||
| Makefile.am | ||
| zfeature_common.h | ||
| zfs_comutil.h | ||
| zfs_deleg.h | ||
| zfs_fletcher.h | ||
| zfs_namecheck.h | ||
| zfs_prop.h | ||
| zpios-ctl.h | ||
| zpios-internal.h | ||