mirror_zfs/module/zcommon
Richard Yao b815ec32b3 Userspace can pass zero length segments via writev/readv
Userspace can trigger an assertion by passing a zero-length segment
when assertions are enabled:

[27961.614792] VERIFY3(skip < iov->iov_len) failed (0 < 0)
[27961.614795] PANIC at zfs_uio.c:187:uio_prefaultpages()
[27961.614805] Call Trace:
[27961.614811]   dump_stack+0x45/0x57
[27961.614830]   spl_dumpstack+0x44/0x50 [spl]
[27961.614834]   spl_panic+0xbb/0x100 [spl]
[27961.614908]   uio_prefaultpages+0x134/0x140 [zcommon]
[27961.614930]   zfs_write+0x1fd/0xe80 [zfs]
[27961.615014]   zpl_write_common_iovec+0x7f/0x110 [zfs]
[27961.615035]   zpl_iter_write+0xa0/0xd0 [zfs]
[27961.615037]   do_iter_readv_writev+0x59/0x80
[27961.615063]   do_readv_writev+0x11b/0x260
[27961.615098]   vfs_writev+0x39/0x50
[27961.615100]   SyS_writev+0x4a/0xe0
[27961.615103]   system_call_fastpath+0x16/0x6e

The solution is to delete the assertion. This could potentially
occur in uiomove as well, which contains analogous assertions
that appear similarly unnecessary, so we remove those as well.

Reported-by: Jonathan Vasquez <jvasquez1011@gmail.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <ryao@gentoo.org>
Issue #3792
2015-09-25 12:51:16 -07:00
..
Makefile.in Support parallel build trees (VPATH builds) 2015-07-17 13:42:51 -07:00
zfs_comutil.c Illumos #2882, #2883, #2900 2013-09-04 15:49:00 -07:00
zfs_deleg.c Change ASSERT(!"...") to cmn_err(CE_PANIC, ...) 2015-03-03 13:22:21 -08:00
zfs_fletcher.c Add linux kernel module support 2010-08-31 13:41:58 -07:00
zfs_namecheck.c Illumos 4368, 4369. 2014-07-29 10:55:29 -07:00
zfs_prop.c Illumos 5027 - zfs large block support 2015-05-11 12:23:16 -07:00
zfs_uio.c Userspace can pass zero length segments via writev/readv 2015-09-25 12:51:16 -07:00
zpool_prop.c Illumos 5027 - zfs large block support 2015-05-11 12:23:16 -07:00
zprop_common.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00