mirror_zfs/module/zfs
Matthew Ahrens 9bb0d89c5c Fix use-after-free of vd_path in spa_vdev_remove()
After spa_vdev_remove_aux() is called, the config nvlist is no longer
valid, as it's been replaced by the new one (with the specified device
removed).  Therefore any pointers into the nvlist are no longer valid.
So we can't save the result of
`fnvlist_lookup_string(nv, ZPOOL_CONFIG_PATH)` (in vd_path) across the
call to spa_vdev_remove_aux().

Instead, use spa_strdup() to save a copy of the string before calling
spa_vdev_remove_aux.

Found by AddressSanitizer:

ERROR: AddressSanitizer: heap-use-after-free on address ...
READ of size 34 at 0x608000a1fcd0 thread T686
    #0 0x7fe88b0c166d  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d)
    #1 0x7fe88a5acd6e in spa_strdup spa_misc.c:1447
    #2 0x7fe88a688034 in spa_vdev_remove vdev_removal.c:2259
    #3 0x55ffbc7748f8 in ztest_vdev_aux_add_remove ztest.c:3229
    #4 0x55ffbc769fba in ztest_execute ztest.c:6714
    #5 0x55ffbc779a90 in ztest_thread ztest.c:6761
    #6 0x7fe889cbc6da in start_thread
    #7 0x7fe8899e588e in __clone

0x608000a1fcd0 is located 48 bytes inside of 88-byte region
freed by thread T686 here:
    #0 0x7fe88b14e7b8 in __interceptor_free
    #1 0x7fe88ae541c5 in nvlist_free nvpair.c:874
    #2 0x7fe88ae543ba in nvpair_free nvpair.c:844
    #3 0x7fe88ae57400 in nvlist_remove_nvpair nvpair.c:978
    #4 0x7fe88a683c81 in spa_vdev_remove_aux vdev_removal.c:185
    #5 0x7fe88a68857c in spa_vdev_remove vdev_removal.c:2221
    #6 0x55ffbc7748f8 in ztest_vdev_aux_add_remove ztest.c:3229
    #7 0x55ffbc769fba in ztest_execute ztest.c:6714
    #8 0x55ffbc779a90 in ztest_thread ztest.c:6761
    #9 0x7fe889cbc6da in start_thread

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Ryan Moeller <ryan@ixsystems.com>
Signed-off-by: Matthew Ahrens <mahrens@delphix.com>
Closes #9706
2019-12-11 15:38:21 -08:00
..
aggsum.c OpenZFS 9688 - aggsum_fini leaks memory 2018-10-19 12:08:03 -07:00
arc.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
blkptr.c Undo c89 workarounds to match with upstream 2017-11-04 13:25:13 -07:00
bplist.c Fast Clone Deletion 2019-07-26 10:54:14 -07:00
bpobj.c Add subcommand to wait for background zfs activity to complete 2019-09-13 18:09:06 -07:00
bptree.c Implement Redacted Send/Receive 2019-06-19 09:48:12 -07:00
bqueue.c Implement Redacted Send/Receive 2019-06-19 09:48:12 -07:00
btree.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
cityhash.c OpenZFS 8484 - Implement aggregate sum and use for arc counters 2018-06-06 09:35:59 -07:00
dataset_kstats.c Fix panic on DilOS with kstat per dataset statistics 2019-09-03 12:12:31 -07:00
dbuf_stats.c Make module tunables cross platform 2019-09-05 14:49:49 -07:00
dbuf.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
ddt_zap.c fat zap should prefetch when iterating 2019-06-12 13:13:09 -07:00
ddt.c Reduce loaded range tree memory usage 2019-10-09 10:36:03 -07:00
dmu_diff.c Mark write_record static 2019-12-03 09:51:44 -08:00
dmu_object.c Make module tunables cross platform 2019-09-05 14:49:49 -07:00
dmu_objset.c Fix strdup conflict on other platforms 2019-10-10 09:47:06 -07:00
dmu_recv.c Add zfs_file_* interface, remove vnodes 2019-11-21 09:32:57 -08:00
dmu_redact.c Move objnode handling to common code 2019-09-12 13:31:09 -07:00
dmu_send.c Don't call arc_buf_destroy on unallocated arc_buf 2019-10-23 15:26:17 -07:00
dmu_traverse.c Make module tunables cross platform 2019-09-05 14:49:49 -07:00
dmu_tx.c Enable use of DTRACE_PROBE* macros in "spl" module 2019-11-01 13:13:43 -07:00
dmu_zfetch.c Make module tunables cross platform 2019-09-05 14:49:49 -07:00
dmu.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
dnode_sync.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
dnode.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
dsl_bookmark.c Reduce loaded range tree memory usage 2019-10-09 10:36:03 -07:00
dsl_crypt.c Add zfs_file_* interface, remove vnodes 2019-11-21 09:32:57 -08:00
dsl_dataset.c Mark dsl_dataset_deactivate_feature_impl static 2019-12-09 12:26:33 -08:00
dsl_deadlist.c Reduce loaded range tree memory usage 2019-10-09 10:36:03 -07:00
dsl_deleg.c Reduce loaded range tree memory usage 2019-10-09 10:36:03 -07:00
dsl_destroy.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
dsl_dir.c Add FreeBSD jail support hooks 2019-12-11 11:58:37 -08:00
dsl_pool.c Eliminate Linux specific inode usage from common code 2019-12-11 11:53:57 -08:00
dsl_prop.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
dsl_scan.c Prevent unnecessary resilver restarts 2019-11-27 10:15:01 -08:00
dsl_synctask.c Fix typos in module/zfs/ 2019-09-02 17:56:41 -07:00
dsl_userhold.c Fix strdup conflict on other platforms 2019-10-10 09:47:06 -07:00
edonr_zfs.c DLPX-44812 integrate EP-220 large memory scalability 2016-11-29 14:34:27 -08:00
fm.c Add zfs_file_* interface, remove vnodes 2019-11-21 09:32:57 -08:00
gzip.c OpenZFS restructuring - move platform specific sources 2019-09-06 11:26:26 -07:00
hkdf.c Encryption patch follow-up 2017-10-11 16:54:48 -04:00
lz4.c Enable clang to use intrinsics for lz4 2019-10-01 13:17:32 -07:00
lzjb.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
Makefile.in Relocate common quota functions to shared code 2019-12-11 12:12:08 -08:00
metaslab.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
mmp.c Move linux specific mmp module_param_call handler to platform code 2019-10-16 18:37:31 -07:00
multilist.c Enable use of DTRACE_PROBE* macros in "spl" module 2019-11-01 13:13:43 -07:00
objlist.c Implement Redacted Send/Receive 2019-06-19 09:48:12 -07:00
pathname.c Disable unused pathname::pn_path* (unneeded in Linux) 2019-07-15 13:57:56 -07:00
range_tree.c Function name and comment updates 2019-10-11 10:13:21 -07:00
refcount.c Prevent race in blkptr_verify against device removal 2019-08-13 21:24:43 -06:00
rrwlock.c Enable use of DTRACE_PROBE* macros in "spl" module 2019-11-01 13:13:43 -07:00
sa.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
sha256.c OpenZFS restructuring - move platform specific sources 2019-09-06 11:26:26 -07:00
skein_zfs.c DLPX-44812 integrate EP-220 large memory scalability 2016-11-29 14:34:27 -08:00
spa_boot.c Add linux kernel module support 2010-08-31 13:41:58 -07:00
spa_checkpoint.c Add subcommand to wait for background zfs activity to complete 2019-09-13 18:09:06 -07:00
spa_config.c Add zfs_file_* interface, remove vnodes 2019-11-21 09:32:57 -08:00
spa_errlog.c Fix typos in module/zfs/ 2019-09-02 17:56:41 -07:00
spa_history.c Fix strdup conflict on other platforms 2019-10-10 09:47:06 -07:00
spa_log_spacemap.c Make module tunables cross platform 2019-09-05 14:49:49 -07:00
spa_misc.c Refactor deadman set failmode to be cross platform 2019-12-05 12:40:45 -08:00
spa.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
space_map.c Reduce loaded range tree memory usage 2019-10-09 10:36:03 -07:00
space_reftree.c Reduce loaded range tree memory usage 2019-10-09 10:36:03 -07:00
THIRDPARTYLICENSE.cityhash OpenZFS 8484 - Implement aggregate sum and use for arc counters 2018-06-06 09:35:59 -07:00
THIRDPARTYLICENSE.cityhash.descrip OpenZFS 8484 - Implement aggregate sum and use for arc counters 2018-06-06 09:35:59 -07:00
txg.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
uberblock.c MMP interval and fail_intervals in uberblock 2019-03-21 12:47:57 -07:00
unique.c Reduce loaded range tree memory usage 2019-10-09 10:36:03 -07:00
vdev_cache.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
vdev_indirect_births.c Fixes: #8934 Large kmem_alloc 2019-07-10 15:54:49 -07:00
vdev_indirect_mapping.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
vdev_indirect.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
vdev_initialize.c Include prototypes for vdev_initialize 2019-10-31 10:09:01 -07:00
vdev_label.c Add zfs_file_* interface, remove vnodes 2019-11-21 09:32:57 -08:00
vdev_mirror.c Make module tunables cross platform 2019-09-05 14:49:49 -07:00
vdev_missing.c Update vdev_ops_t from illumos 2019-06-20 18:29:02 -07:00
vdev_queue.c Reduce loaded range tree memory usage 2019-10-09 10:36:03 -07:00
vdev_raidz_math_aarch64_neon_common.h OpenZFS restructuring - move platform specific headers 2019-09-05 09:34:54 -07:00
vdev_raidz_math_aarch64_neon.c Linux 5.0 compat: SIMD compatibility 2019-07-12 09:31:20 -07:00
vdev_raidz_math_aarch64_neonx2.c Linux 5.0 compat: SIMD compatibility 2019-07-12 09:31:20 -07:00
vdev_raidz_math_avx2.c OpenZFS restructuring - move platform specific headers 2019-09-05 09:34:54 -07:00
vdev_raidz_math_avx512bw.c OpenZFS restructuring - move platform specific headers 2019-09-05 09:34:54 -07:00
vdev_raidz_math_avx512f.c Make clang happy with vdev_raidz_ code 2019-10-10 09:45:37 -07:00
vdev_raidz_math_impl.h codebase style improvements for OpenZFS 6459 port 2017-01-22 13:25:40 -08:00
vdev_raidz_math_scalar.c Linux 5.3: Fix switch() fall though compiler errors 2019-08-21 09:29:23 -07:00
vdev_raidz_math_sse2.c Make clang happy with vdev_raidz_ code 2019-10-10 09:45:37 -07:00
vdev_raidz_math_ssse3.c OpenZFS restructuring - move platform specific headers 2019-09-05 09:34:54 -07:00
vdev_raidz_math.c Wrap module_param_call() routines under __linux__ 2019-12-03 09:56:15 -08:00
vdev_raidz.c Reduce loaded range tree memory usage 2019-10-09 10:36:03 -07:00
vdev_removal.c Fix use-after-free of vd_path in spa_vdev_remove() 2019-12-11 15:38:21 -08:00
vdev_root.c Update vdev_ops_t from illumos 2019-06-20 18:29:02 -07:00
vdev_trim.c Reduce loaded range tree memory usage 2019-10-09 10:36:03 -07:00
vdev.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
zap_leaf.c Off-by-one in zap_leaf_array_create() 2019-01-18 09:58:46 -08:00
zap_micro.c Reduce loaded range tree memory usage 2019-10-09 10:36:03 -07:00
zap.c Make module tunables cross platform 2019-09-05 14:49:49 -07:00
zcp_get.c Relocate common quota functions to shared code 2019-12-11 12:12:08 -08:00
zcp_global.c OpenZFS 8600 - ZFS channel programs - snapshot 2018-02-08 15:29:24 -08:00
zcp_iter.c Fix typos in module/zfs/ 2019-09-02 17:56:41 -07:00
zcp_synctask.c OpenZFS 9166 - zfs storage pool checkpoint 2018-06-26 10:07:42 -07:00
zcp.c Make module tunables cross platform 2019-09-05 14:49:49 -07:00
zfeature.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
zfs_byteswap.c Fix typos in module/zfs/ 2019-09-02 17:56:41 -07:00
zfs_fm.c Add zpool status -s (slow I/Os) and -p (parseable) 2018-11-08 16:47:24 -08:00
zfs_fuid.c Relocate common quota functions to shared code 2019-12-11 12:12:08 -08:00
zfs_ioctl.c Relocate common quota functions to shared code 2019-12-11 12:12:08 -08:00
zfs_log.c Eliminate Linux specific inode usage from common code 2019-12-11 11:53:57 -08:00
zfs_onexit.c Move zfs_onexit_fd_hold to platform code 2019-10-13 19:19:39 -07:00
zfs_quota.c Relocate common quota functions to shared code 2019-12-11 12:12:08 -08:00
zfs_ratelimit.c Change checksum & IO delay ratelimit values 2018-03-04 17:34:51 -08:00
zfs_replay.c Eliminate Linux specific inode usage from common code 2019-12-11 11:53:57 -08:00
zfs_rlock.c Move platform specific parts of zfs_znode.h to platform code 2019-11-06 10:54:25 -08:00
zfs_sa.c Add inode accessors to common code 2019-10-02 09:15:12 -07:00
zil.c Improve logging of 128KB writes 2019-11-11 09:27:59 -08:00
zio_checksum.c Disable EDONR on FreeBSD 2019-12-05 13:10:29 -08:00
zio_compress.c zio_decompress_data always ASSERTs successful decompression 2019-12-10 15:51:58 -08:00
zio_inject.c Replace ASSERTV macro with compiler annotation 2019-12-05 12:37:00 -08:00
zio.c Exclude data from cores unconditionally and metadata conditionally 2019-12-09 12:29:56 -08:00
zle.c Fix zle_decompress out of bound access 2018-02-09 10:08:05 -08:00
zrlock.c Enable use of DTRACE_PROBE* macros in "spl" module 2019-11-01 13:13:43 -07:00
zthr.c Fast Clone Deletion 2019-07-26 10:54:14 -07:00
zvol.c Move final zvol_remove_minors to common code 2019-10-25 13:42:54 -07:00