mirror_zfs/module/zfs
Matthew Ahrens 856d185dc2 Fix use-after-free of vd_path in spa_vdev_remove()
After spa_vdev_remove_aux() is called, the config nvlist is no longer
valid, as it's been replaced by the new one (with the specified device
removed).  Therefore any pointers into the nvlist are no longer valid.
So we can't save the result of
`fnvlist_lookup_string(nv, ZPOOL_CONFIG_PATH)` (in vd_path) across the
call to spa_vdev_remove_aux().

Instead, use spa_strdup() to save a copy of the string before calling
spa_vdev_remove_aux.

Found by AddressSanitizer:

ERROR: AddressSanitizer: heap-use-after-free on address ...
READ of size 34 at 0x608000a1fcd0 thread T686
    #0 0x7fe88b0c166d  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d)
    #1 0x7fe88a5acd6e in spa_strdup spa_misc.c:1447
    #2 0x7fe88a688034 in spa_vdev_remove vdev_removal.c:2259
    #3 0x55ffbc7748f8 in ztest_vdev_aux_add_remove ztest.c:3229
    #4 0x55ffbc769fba in ztest_execute ztest.c:6714
    #5 0x55ffbc779a90 in ztest_thread ztest.c:6761
    #6 0x7fe889cbc6da in start_thread
    #7 0x7fe8899e588e in __clone

0x608000a1fcd0 is located 48 bytes inside of 88-byte region
freed by thread T686 here:
    #0 0x7fe88b14e7b8 in __interceptor_free
    #1 0x7fe88ae541c5 in nvlist_free nvpair.c:874
    #2 0x7fe88ae543ba in nvpair_free nvpair.c:844
    #3 0x7fe88ae57400 in nvlist_remove_nvpair nvpair.c:978
    #4 0x7fe88a683c81 in spa_vdev_remove_aux vdev_removal.c:185
    #5 0x7fe88a68857c in spa_vdev_remove vdev_removal.c:2221
    #6 0x55ffbc7748f8 in ztest_vdev_aux_add_remove ztest.c:3229
    #7 0x55ffbc769fba in ztest_execute ztest.c:6714
    #8 0x55ffbc779a90 in ztest_thread ztest.c:6761
    #9 0x7fe889cbc6da in start_thread

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Ryan Moeller <ryan@ixsystems.com>
Signed-off-by: Matthew Ahrens <mahrens@delphix.com>
Closes #9706
2020-01-22 13:49:05 -08:00
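The pattern the commit describes, as an added C example that is not OpenZFS code: a pointer returned by a lookup into a config nvlist is held across a call that replaces and frees that nvlist, beside the fixed form that copies the string first (what the real change does with spa_strdup()). Every `sim_` name is a hypothetical stand-in for the real nvlist, spa_strdup()/spa_strfree() and spa_vdev_remove_aux(); the toy allocator poisons freed slots instead of unmapping them so the stale read is observable and well defined, the role ASan's quarantine plays in the report above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Toy allocator (hypothetical): sim_free() poisons the slot and keeps it
 * mapped, so reading through a dangling pointer is detectable here rather
 * than undefined behaviour.
 */
#define	SIM_SLOTS	16
#define	SIM_SLOT_SIZE	64
#define	SIM_POISON	0xdd
static char sim_heap[SIM_SLOTS][SIM_SLOT_SIZE];
static int  sim_in_use[SIM_SLOTS];

static char *
sim_alloc(void)
{
	for (int i = 0; i < SIM_SLOTS; i++) {
		if (!sim_in_use[i]) {
			sim_in_use[i] = 1;
			return (sim_heap[i]);
		}
	}
	abort();
}

static void
sim_free(char *p)
{
	int i = (int)((p - &sim_heap[0][0]) / SIM_SLOT_SIZE);
	memset(sim_heap[i], SIM_POISON, SIM_SLOT_SIZE);
	sim_in_use[i] = 0;
}

static int
sim_is_poisoned(const char *p)
{
	return ((unsigned char)p[0] == SIM_POISON);
}

/* Stand-ins for spa_strdup() / spa_strfree(). */
static char *
sim_strdup(const char *s)
{
	char *d = sim_alloc();
	snprintf(d, SIM_SLOT_SIZE, "%s", s);
	return (d);
}
#define	sim_strfree(s)	sim_free(s)

/* Minimal nvlist stand-in: one ZPOOL_CONFIG_PATH string owned by the list. */
typedef struct sim_nvlist { char *path; } sim_nvlist_t;

static sim_nvlist_t *
sim_nvlist_alloc(const char *path)
{
	sim_nvlist_t *nv = malloc(sizeof (*nv));
	nv->path = sim_strdup(path);
	return (nv);
}

static void
sim_nvlist_free(sim_nvlist_t *nv)
{
	sim_free(nv->path);
	free(nv);
}

/* Like fnvlist_lookup_string(): returns a pointer INTO the list's storage. */
static const char *
sim_lookup_path(sim_nvlist_t *nv)
{
	return (nv->path);
}

/*
 * Stand-in for spa_vdev_remove_aux(): the config is replaced by a new one
 * without the device, and the old nvlist (and every string in it) is freed.
 */
static void
sim_vdev_remove_aux(sim_nvlist_t **config)
{
	sim_nvlist_t *old = *config;
	*config = sim_nvlist_alloc("(aux device removed)");
	sim_nvlist_free(old);
}

/* Pre-fix pattern: vd_path still points into the freed nvlist.  Returns 1. */
static int
sim_remove_buggy(sim_nvlist_t **config)
{
	const char *vd_path = sim_lookup_path(*config);
	sim_vdev_remove_aux(config);
	return (sim_is_poisoned(vd_path));	/* heap-use-after-free */
}

/* Fixed pattern: copy first, use the copy, free the copy.  Returns 0. */
static int
sim_remove_fixed(sim_nvlist_t **config, char *out, size_t outlen)
{
	char *vd_path = sim_strdup(sim_lookup_path(*config));
	sim_vdev_remove_aux(config);
	snprintf(out, outlen, "%s", vd_path);	/* our own copy: still valid */
	int stale = sim_is_poisoned(vd_path);
	sim_strfree(vd_path);
	return (stale);
}

int
main(void)
{
	char buf[SIM_SLOT_SIZE];
	sim_nvlist_t *cfg = sim_nvlist_alloc("/dev/sdb");
	printf("buggy: stale read = %d\n", sim_remove_buggy(&cfg));
	sim_nvlist_free(cfg);
	cfg = sim_nvlist_alloc("/dev/sdb");
	int stale = sim_remove_fixed(&cfg, buf, sizeof (buf));
	printf("fixed: stale read = %d, path = %s\n", stale, buf);
	sim_nvlist_free(cfg);
	return (0);
}
```

The check worth carrying over to real code: any pointer obtained from an nvlist lookup is only valid for as long as that exact nvlist is. If a call in between can rebuild or free the list (as spa_vdev_remove_aux() does here), copy the value out before the call and free the copy afterwards.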
abd.c single-chunk scatter ABDs can be treated as linear 2020-01-22 13:48:56 -08:00
aggsum.c OpenZFS 9688 - aggsum_fini leaks memory 2018-10-19 12:08:03 -07:00
arc.c Fix use-after-free in case of L2ARC prefetch failure 2020-01-22 13:49:05 -08:00
blkptr.c Undo c89 workarounds to match with upstream 2017-11-04 13:25:13 -07:00
bplist.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
bpobj.c Stack overflow in recursive bpobj_iterate_impl 2019-03-06 09:50:55 -08:00
bptree.c Native Encryption for ZFS on Linux 2017-08-14 10:36:48 -07:00
bqueue.c Wait in 'S' state when send/recv pipe is blocking 2019-06-07 12:45:40 -07:00
cityhash.c OpenZFS 8484 - Implement aggregate sum and use for arc counters 2018-06-06 09:35:59 -07:00
dataset_kstats.c Fix panic on DilOS with kstat per dataset statistics 2020-01-22 13:49:00 -08:00
dbuf_stats.c Prefix all refcount functions with zfs_ 2018-10-01 10:42:05 -07:00
dbuf.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
ddt_zap.c fat zap should prefetch when iterating 2019-09-25 11:27:47 -07:00
ddt.c ztest: scrub ddt repair 2019-01-17 15:25:00 -08:00
dmu_diff.c diff_cb() does not handle large dnodes 2020-01-22 13:49:01 -08:00
dmu_object.c Fix send/recv lost spill block 2019-05-07 15:18:44 -07:00
dmu_objset.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
dmu_recv.c Always refuse receving non-resume stream when resume state exists 2019-09-25 11:27:51 -07:00
dmu_send.c Fix send/recv lost spill block 2019-05-07 15:18:44 -07:00
dmu_traverse.c Fix traverse_impl() kmem leak 2018-08-15 09:53:44 -07:00
dmu_tx.c Improve performance by using dmu_tx_hold_*_by_dnode() 2019-09-25 11:27:50 -07:00
dmu_zfetch.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
dmu.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
dnode_sync.c Reinstate raw receive check when truncating 2019-06-07 12:45:40 -07:00
dnode.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
dsl_bookmark.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
dsl_crypt.c Fix 'zfs change-key' with unencrypted child 2020-01-22 13:49:03 -08:00
dsl_dataset.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
dsl_deadlist.c OpenZFS 7614, 9064 - zfs device evacuation/removal 2018-04-14 12:16:17 -07:00
dsl_deleg.c Update build system and packaging 2018-05-29 16:00:33 -07:00
dsl_destroy.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
dsl_dir.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
dsl_pool.c dmu_tx_wait() hang likely due to cv_signal() in dsl_pool_dirty_delta() 2020-01-22 13:48:57 -08:00
dsl_prop.c Update build system and packaging 2018-05-29 16:00:33 -07:00
dsl_scan.c Fix stalled txg with repeated noop scans 2020-01-22 13:49:00 -08:00
dsl_synctask.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
dsl_userhold.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
edonr_zfs.c DLPX-44812 integrate EP-220 large memory scalability 2016-11-29 14:34:27 -08:00
fm.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
gzip.c Update build system and packaging 2018-05-29 16:00:33 -07:00
hkdf.c Encryption patch follow-up 2017-10-11 16:54:48 -04:00
lz4.c Reword comment in lz4_compress_zfs 2019-05-02 16:46:04 -07:00
lzjb.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
Makefile.in Add TRIM support 2019-03-29 09:13:20 -07:00
metaslab.c Prevent metaslab_sync panic due to spa_final_dirty_txg 2020-01-22 13:48:58 -08:00
mmp.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
multilist.c Avoid extra taskq_dispatch() calls by DMU 2019-09-25 11:27:48 -07:00
pathname.c Disable unused pathname::pn_path* (unneeded in Linux) 2019-09-25 11:27:49 -07:00
policy.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
qat_compress.c QAT related bug fixes 2019-09-25 11:27:51 -07:00
qat_crypt.c QAT related bug fixes 2019-09-25 11:27:51 -07:00
qat.c QAT related bug fixes 2019-09-25 11:27:51 -07:00
qat.h Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
range_tree.c Restrict kstats and print real pointers 2019-04-04 18:57:06 -07:00
refcount.c Prevent race in blkptr_verify against device removal 2020-01-22 13:48:57 -08:00
rrwlock.c Prefix all refcount functions with zfs_ 2018-10-01 10:42:05 -07:00
sa.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
sha256.c SHA256 QAT acceleration 2018-03-15 10:53:58 -07:00
skein_zfs.c DLPX-44812 integrate EP-220 large memory scalability 2016-11-29 14:34:27 -08:00
spa_boot.c Add linux kernel module support 2010-08-31 13:41:58 -07:00
spa_checkpoint.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
spa_config.c Fix /etc/hostid on root pool deadlock 2019-09-25 11:27:51 -07:00
spa_errlog.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
spa_history.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
spa_misc.c Prevent race in blkptr_verify against device removal 2020-01-22 13:48:57 -08:00
spa_stats.c Restrict kstats and print real pointers 2019-04-04 18:57:06 -07:00
spa.c Fix pool creation with feature@allocation_classes disabled 2020-01-22 13:49:02 -08:00
space_map.c Restrict kstats and print real pointers 2019-04-04 18:57:06 -07:00
space_reftree.c OpenZFS 7614, 9064 - zfs device evacuation/removal 2018-04-14 12:16:17 -07:00
THIRDPARTYLICENSE.cityhash OpenZFS 8484 - Implement aggregate sum and use for arc counters 2018-06-06 09:35:59 -07:00
THIRDPARTYLICENSE.cityhash.descrip OpenZFS 8484 - Implement aggregate sum and use for arc counters 2018-06-06 09:35:59 -07:00
trace.c OpenZFS 7614, 9064 - zfs device evacuation/removal 2018-04-14 12:16:17 -07:00
txg.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
uberblock.c MMP interval and fail_intervals in uberblock 2019-03-21 12:47:57 -07:00
unique.c Performance optimization of AVL tree comparator functions 2016-08-31 14:35:34 -07:00
vdev_cache.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
vdev_disk.c ZTS: Fix zpool_reopen_001_pos 2020-01-22 13:49:05 -08:00
vdev_file.c Update vdev_ops_t from illumos 2019-09-25 11:27:48 -07:00
vdev_indirect_births.c Fixes: #8934 Large kmem_alloc 2019-09-25 11:27:49 -07:00
vdev_indirect_mapping.c Get rid of space_map_update() for ms_synced_length 2019-02-12 10:38:11 -08:00
vdev_indirect.c Update vdev_ops_t from illumos 2019-09-25 11:27:48 -07:00
vdev_initialize.c Include prototypes for vdev_initialize 2020-01-22 13:49:03 -08:00
vdev_label.c panic in removal_remap test on 4K devices 2019-09-25 11:27:47 -07:00
vdev_mirror.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
vdev_missing.c Update vdev_ops_t from illumos 2019-09-25 11:27:48 -07:00
vdev_queue.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
vdev_raidz_math_aarch64_neon_common.h Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
vdev_raidz_math_aarch64_neon.c Linux 5.0 compat: SIMD compatibility 2020-01-22 13:49:01 -08:00
vdev_raidz_math_aarch64_neonx2.c Linux 5.0 compat: SIMD compatibility 2020-01-22 13:49:01 -08:00
vdev_raidz_math_avx2.c Linux 5.0 compat: SIMD compatibility 2020-01-22 13:49:01 -08:00
vdev_raidz_math_avx512bw.c Linux 5.0 compat: SIMD compatibility 2020-01-22 13:49:01 -08:00
vdev_raidz_math_avx512f.c Linux 5.0 compat: SIMD compatibility 2020-01-22 13:49:01 -08:00
vdev_raidz_math_impl.h codebase style improvements for OpenZFS 6459 port 2017-01-22 13:25:40 -08:00
vdev_raidz_math_scalar.c Linux 5.3: Fix switch() fall though compiler errors 2019-09-25 11:27:50 -07:00
vdev_raidz_math_sse2.c Linux 5.0 compat: SIMD compatibility 2020-01-22 13:49:01 -08:00
vdev_raidz_math_ssse3.c Linux 5.0 compat: SIMD compatibility 2020-01-22 13:49:01 -08:00
vdev_raidz_math.c Linux 5.0 compat: SIMD compatibility 2020-01-22 13:49:01 -08:00
vdev_raidz.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
vdev_removal.c Fix use-after-free of vd_path in spa_vdev_remove() 2020-01-22 13:49:05 -08:00
vdev_root.c Update vdev_ops_t from illumos 2019-09-25 11:27:48 -07:00
vdev_trim.c Add TRIM support 2019-03-29 09:13:20 -07:00
vdev.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
zap_leaf.c Off-by-one in zap_leaf_array_create() 2019-01-18 09:58:46 -08:00
zap_micro.c fat zap should prefetch when iterating 2019-09-25 11:27:47 -07:00
zap.c fat zap should prefetch when iterating 2019-09-25 11:27:47 -07:00
zcp_get.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
zcp_global.c OpenZFS 8600 - ZFS channel programs - snapshot 2018-02-08 15:29:24 -08:00
zcp_iter.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
zcp_synctask.c OpenZFS 9166 - zfs storage pool checkpoint 2018-06-26 10:07:42 -07:00
zcp.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
zfeature.c Consistently captialize GUID for features 2019-04-16 10:01:51 -07:00
zfs_acl.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
zfs_byteswap.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
zfs_ctldir.c Fix automount for root filesystems 2020-01-22 13:49:02 -08:00
zfs_debug.c Restrict kstats and print real pointers 2019-04-04 18:57:06 -07:00
zfs_dir.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
zfs_fm.c Add zpool status -s (slow I/Os) and -p (parseable) 2018-11-08 16:47:24 -08:00
zfs_fuid.c Update build system and packaging 2018-05-29 16:00:33 -07:00
zfs_ioctl.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
zfs_log.c Improve write performance by using dmu_read_by_dnode() 2020-01-22 13:48:57 -08:00
zfs_onexit.c Update build system and packaging 2018-05-29 16:00:33 -07:00
zfs_ratelimit.c Change checksum & IO delay ratelimit values 2018-03-04 17:34:51 -08:00
zfs_replay.c Fix zil replay panic when TX_REMOVE followed by TX_CREATE 2019-09-25 11:27:51 -07:00
zfs_rlock.c Rename rangelock_ functions to zfs_rangelock_ 2020-01-22 13:49:02 -08:00
zfs_sa.c Project Quota on ZFS 2018-02-13 14:54:54 -08:00
zfs_sysfs.c Prevent pointer to an out-of-scope local variable 2019-09-25 11:27:48 -07:00
zfs_vfsops.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
zfs_vnops.c Rename rangelock_ functions to zfs_rangelock_ 2020-01-22 13:49:02 -08:00
zfs_znode.c Check for unlinked znodes after igrab() 2020-01-22 13:49:04 -08:00
zil.c Improve logging of 128KB writes 2020-01-22 13:49:04 -08:00
zio_checksum.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
zio_compress.c zio_decompress_data always ASSERTs successful decompression 2020-01-22 13:49:05 -08:00
zio_crypt.c Linux 5.0 compat: SIMD compatibility 2020-01-22 13:49:01 -08:00
zio_inject.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
zio.c Exclude data from cores unconditionally and metadata conditionally 2020-01-22 13:49:05 -08:00
zle.c Fix zle_decompress out of bound access 2018-02-09 10:08:05 -08:00
zpl_ctldir.c RHEL 7.5 compat: FMODE_KABI_ITERATE 2018-05-02 15:01:24 -07:00
zpl_export.c Use cstyle -cpP in make cstyle check 2016-12-12 10:46:26 -08:00
zpl_file.c Fix errant EFAULT during writes (#8719) 2019-05-08 10:04:04 -07:00
zpl_inode.c Fix errant EFAULT during writes (#8719) 2019-05-08 10:04:04 -07:00
zpl_super.c Fix typos in module/zfs/ 2020-01-22 13:48:59 -08:00
zpl_xattr.c Drop redundant POSIX ACL check in zpl_init_acl() 2019-09-25 11:27:49 -07:00
zrlock.c Update build system and packaging 2018-05-29 16:00:33 -07:00
zthr.c Fix txg_wait_open() load average inflation 2019-04-04 09:44:46 -07:00
zvol.c Rename rangelock_ functions to zfs_rangelock_ 2020-01-22 13:49:02 -08:00