c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2024-11-18 10:21:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
5,418 Commits 2 Branches 38 Tags 86 MiB
C 70.4%
Shell 19.4%
Assembly 5.1%
M4 2%
Python 1.8%
Other 1.3%
856d185dc2
Go to file
Matthew Ahrens 856d185dc2 Fix use-after-free of vd_path in spa_vdev_remove() 
After spa_vdev_remove_aux() is called, the config nvlist is no longer
valid, as it's been replaced by the new one (with the specified device
removed).  Therefore any pointers into the nvlist are no longer valid.
So we can't save the result of
`fnvlist_lookup_string(nv, ZPOOL_CONFIG_PATH)` (in vd_path) across the
call to spa_vdev_remove_aux().

Instead, use spa_strdup() to save a copy of the string before calling
spa_vdev_remove_aux.

Found by AddressSanitizer:

ERROR: AddressSanitizer: heap-use-after-free on address ...
READ of size 34 at 0x608000a1fcd0 thread T686
    #0 0x7fe88b0c166d  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d)
    #1 0x7fe88a5acd6e in spa_strdup spa_misc.c:1447
    #2 0x7fe88a688034 in spa_vdev_remove vdev_removal.c:2259
    #3 0x55ffbc7748f8 in ztest_vdev_aux_add_remove ztest.c:3229
    #4 0x55ffbc769fba in ztest_execute ztest.c:6714
    #5 0x55ffbc779a90 in ztest_thread ztest.c:6761
    #6 0x7fe889cbc6da in start_thread
    #7 0x7fe8899e588e in __clone

0x608000a1fcd0 is located 48 bytes inside of 88-byte region
freed by thread T686 here:
    #0 0x7fe88b14e7b8 in __interceptor_free
    #1 0x7fe88ae541c5 in nvlist_free nvpair.c:874
    #2 0x7fe88ae543ba in nvpair_free nvpair.c:844
    #3 0x7fe88ae57400 in nvlist_remove_nvpair nvpair.c:978
    #4 0x7fe88a683c81 in spa_vdev_remove_aux vdev_removal.c:185
    #5 0x7fe88a68857c in spa_vdev_remove vdev_removal.c:2221
    #6 0x55ffbc7748f8 in ztest_vdev_aux_add_remove ztest.c:3229
    #7 0x55ffbc769fba in ztest_execute ztest.c:6714
    #8 0x55ffbc779a90 in ztest_thread ztest.c:6761
    #9 0x7fe889cbc6da in start_thread

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Ryan Moeller <ryan@ixsystems.com>
Signed-off-by: Matthew Ahrens <mahrens@delphix.com>
Closes #9706
2020-01-22 13:49:05 -08:00
.github Fix typos 2020-01-22 13:49:00 -08:00
cmd zio_decompress_data always ASSERTs successful decompression 2020-01-22 13:49:05 -08:00
config Remove zfs_vdev_elevator module option 2020-01-22 13:49:04 -08:00
contrib Skip loading already loaded key 2020-01-22 13:49:03 -08:00
etc Fix encryption logic in systemd mount generator 2020-01-22 13:49:05 -08:00
include Exclude data from cores unconditionally and metadata conditionally 2020-01-22 13:49:05 -08:00
lib Increase allowed 'special_small_blocks' maximum value 2020-01-22 13:49:05 -08:00
man zio_decompress_data always ASSERTs successful decompression 2020-01-22 13:49:05 -08:00
module Fix use-after-free of vd_path in spa_vdev_remove() 2020-01-22 13:49:05 -08:00
rpm Canonicalize Python shebangs 2020-01-22 13:49:00 -08:00
scripts Fix typos 2020-01-22 13:49:00 -08:00
tests zio_decompress_data always ASSERTs successful decompression 2020-01-22 13:49:05 -08:00
udev Add enclosure_symlinks option to vdev_id 2018-12-14 17:27:49 -08:00
.gitignore Adapt gitignore for modules 2020-01-22 13:49:05 -08:00
.gitmodules Add zimport.sh compatibility test script 2014-02-21 12:10:31 -08:00
.travis.yml Add .travis.yml 2017-11-13 09:18:18 -08:00
AUTHORS Update build system and packaging 2018-05-29 16:00:33 -07:00
autogen.sh Cause autogen.sh to fail if autoreconf fails 2018-07-06 09:27:37 -07:00
CODE_OF_CONDUCT.md Add CODE_OF_CONDUCT.md 2019-04-30 10:58:45 -07:00
configure.ac Add channel program for property based snapshots 2020-01-22 13:48:57 -08:00
copy-builtin Allow copy-builtin to work with modified sources 2018-10-17 12:06:05 -07:00
COPYRIGHT Update build system and packaging 2018-05-29 16:00:33 -07:00
LICENSE Update build system and packaging 2018-05-29 16:00:33 -07:00
Makefile.am Perform KABI checks in parallel 2020-01-22 13:49:01 -08:00
META Tag zfs-0.8.2 2019-09-25 11:27:51 -07:00
NEWS Add NEWS file 2018-09-18 12:03:47 -07:00
NOTICE Update build system and packaging 2018-05-29 16:00:33 -07:00
README.md Explicitly state supported Linux versions 2018-05-30 20:11:19 -07:00
TEST Update build system and packaging 2018-05-29 16:00:33 -07:00
zfs.release.in Move zfs.release generation to configure step 2012-07-12 12:22:51 -07:00

README.md

img

ZFS on Linux is an advanced file system and volume manager which was originally developed for Solaris and is now maintained by the OpenZFS community.

codecov coverity

Official Resources

Installation

Full documentation for installing ZoL on your favorite Linux distribution can be found at our site.

Contribute & Develop

We have a separate document with contribution guidelines.

Release

ZFS on Linux is released under a CDDL license.
For more details see the NOTICE, LICENSE and COPYRIGHT files; UCRL-CODE-235197

Supported Kernels

  • The META file contains the officially recognized supported kernel versions.