mirror_zfs/module/zfs
Jason Zaman c9520ecc0f dmu: fix integer overflows
The params to the functions are uint64_t, but the offsets to memcpy
/ bcopy are calculated using 32bit ints. This patch changes them to
also be uint64_t so there isnt an overflow. PaX's Size Overflow
caught this when formatting a zvol.

Gentoo bug: #546490

PAX: offset: 1ffffb000 db->db_offset: 1ffffa000 db->db_size: 2000 size: 5000
PAX: size overflow detected in function dmu_read /var/tmp/portage/sys-fs/zfs-kmod-0.6.3-r1/work/zfs-zfs-0.6.3/module/zfs/../../module/zfs/dmu.c:781 cicus.366_146 max, count: 15
CPU: 1 PID: 2236 Comm: zvol/10 Tainted: P           O   3.17.7-hardened-r1 #1
Call Trace:
 [<ffffffffa0382ee8>] ? dsl_dataset_get_holds+0x9d58/0x343ce [zfs]
 [<ffffffff81a59c88>] dump_stack+0x4e/0x7a
 [<ffffffffa0393c2a>] ? dsl_dataset_get_holds+0x1aa9a/0x343ce [zfs]
 [<ffffffff81206696>] report_size_overflow+0x36/0x40
 [<ffffffffa02dba2b>] dmu_read+0x52b/0x920 [zfs]
 [<ffffffffa0373ad1>] zrl_is_locked+0x7d1/0x1ce0 [zfs]
 [<ffffffffa0364cd2>] zil_clean+0x9d2/0xc00 [zfs]
 [<ffffffffa0364f21>] zil_commit+0x21/0x30 [zfs]
 [<ffffffffa0373fe1>] zrl_is_locked+0xce1/0x1ce0 [zfs]
 [<ffffffff81a5e2c7>] ? __schedule+0x547/0xbc0
 [<ffffffffa01582e6>] taskq_cancel_id+0x2a6/0x5b0 [spl]
 [<ffffffff81103eb0>] ? wake_up_state+0x20/0x20
 [<ffffffffa0158150>] ? taskq_cancel_id+0x110/0x5b0 [spl]
 [<ffffffff810f7ff4>] kthread+0xc4/0xe0
 [<ffffffff810f7f30>] ? kthread_create_on_node+0x170/0x170
 [<ffffffff81a62fa4>] ret_from_fork+0x74/0xa0
 [<ffffffff810f7f30>] ? kthread_create_on_node+0x170/0x170

Signed-off-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3333
2015-05-04 09:12:00 -07:00
..
arc.c Mark all ZPL and ioctl functions as PF_FSTRANS 2015-04-03 11:38:59 -07:00
blkptr.c
bplist.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
bpobj.c
bptree.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
dbuf_stats.c Skip evicting dbufs when walking the dbuf hash 2015-02-06 09:24:28 -08:00
dbuf.c Illumos 5531 - NULL pointer dereference in dsl_prop_get_ds() 2015-04-28 16:25:44 -07:00
ddt_zap.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
ddt.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
dmu_diff.c Illumos 5314 - Remove "dbuf phys" db->db_data pointer aliases in ZFS 2015-04-28 16:25:20 -07:00
dmu_object.c
dmu_objset.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
dmu_send.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
dmu_traverse.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
dmu_tx.c Illumos 5314 - Remove "dbuf phys" db->db_data pointer aliases in ZFS 2015-04-28 16:25:20 -07:00
dmu_zfetch.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
dmu.c dmu: fix integer overflows 2015-05-04 09:12:00 -07:00
dnode_sync.c Illumos 5531 - NULL pointer dereference in dsl_prop_get_ds() 2015-04-28 16:25:44 -07:00
dnode.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
dsl_bookmark.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
dsl_dataset.c Illumos 5592 - NULL pointer dereference in dsl_prop_notify_all_cb() 2015-04-28 16:25:58 -07:00
dsl_deadlist.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
dsl_deleg.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
dsl_destroy.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
dsl_dir.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
dsl_pool.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
dsl_prop.c Illumos 5531 - NULL pointer dereference in dsl_prop_get_ds() 2015-04-28 16:25:44 -07:00
dsl_scan.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
dsl_synctask.c Illumos 5314 - Remove "dbuf phys" db->db_data pointer aliases in ZFS 2015-04-28 16:25:20 -07:00
dsl_userhold.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
fm.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
gzip.c
lz4.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
lzjb.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
Makefile.in
metaslab.c Skip bad DVAs during free by setting zfs_recover=1 2015-02-13 16:02:04 -08:00
range_tree.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
refcount.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
rrwlock.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
sa.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
sha256.c
spa_boot.c
spa_config.c Use vmem_alloc() in spa_config_write() 2015-04-07 15:10:19 -07:00
spa_errlog.c
spa_history.c Illumos 5314 - Remove "dbuf phys" db->db_data pointer aliases in ZFS 2015-04-28 16:25:20 -07:00
spa_misc.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
spa_stats.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
spa.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
space_map.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
space_reftree.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
trace.c
txg.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
uberblock.c
unique.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
vdev_cache.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
vdev_disk.c Illumos #5244 - zio pipeline callers should explicitly invoke next stage 2015-04-30 15:07:47 -07:00
vdev_file.c Illumos #5244 - zio pipeline callers should explicitly invoke next stage 2015-04-30 15:07:47 -07:00
vdev_label.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
vdev_mirror.c Illumos #5244 - zio pipeline callers should explicitly invoke next stage 2015-04-30 15:07:47 -07:00
vdev_missing.c Illumos #5244 - zio pipeline callers should explicitly invoke next stage 2015-04-30 15:07:47 -07:00
vdev_queue.c 5313 Allow I/Os to be aggregated across ZIO priority classes 2015-04-24 15:16:56 -07:00
vdev_raidz.c Illumos #5244 - zio pipeline callers should explicitly invoke next stage 2015-04-30 15:07:47 -07:00
vdev_root.c
vdev.c Revert "Don't read space maps during import for readonly pools" 2015-02-09 16:56:59 -08:00
zap_leaf.c Illumos 5314 - Remove "dbuf phys" db->db_data pointer aliases in ZFS 2015-04-28 16:25:20 -07:00
zap_micro.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
zap.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
zfeature_common.c Illumos 3897 - zfs filesystem and snapshot limits 2015-04-28 16:22:51 -07:00
zfeature.c Use cached feature info in spa_add_feature_stats() 2015-03-05 14:11:10 -08:00
zfs_acl.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
zfs_byteswap.c
zfs_ctldir.c
zfs_debug.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
zfs_dir.c
zfs_fm.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
zfs_fuid.c
zfs_ioctl.c Illumos 5314 - Remove "dbuf phys" db->db_data pointer aliases in ZFS 2015-04-28 16:25:20 -07:00
zfs_log.c
zfs_onexit.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
zfs_replay.c
zfs_rlock.c Change KM_PUSHPAGE -> KM_SLEEP 2015-01-16 14:41:26 -08:00
zfs_sa.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
zfs_vfsops.c Reduce size of zfs_sb_t: allocate z_hold_mtx separately 2015-03-24 13:17:44 -07:00
zfs_vnops.c Fix kernel panic due to tsd_exit in ZFS_EXIT(zsb) 2015-04-24 14:57:54 -07:00
zfs_znode.c Allocate zfs_znode_cache on the Linux slab 2015-04-14 12:19:22 -07:00
zil.c Illumos 5056 - ZFS deadlock on db_mtx and dn_holds 2015-04-28 16:25:34 -07:00
zio_checksum.c
zio_compress.c
zio_inject.c zio_injection_enabled should not be a module option 2015-03-24 13:22:03 -07:00
zio.c Illumos #5244 - zio pipeline callers should explicitly invoke next stage 2015-04-30 15:07:47 -07:00
zle.c
zpl_ctldir.c Mark additional functions as PF_FSTRANS 2015-04-17 09:35:24 -07:00
zpl_export.c Mark additional functions as PF_FSTRANS 2015-04-17 09:35:24 -07:00
zpl_file.c Mark all ZPL and ioctl functions as PF_FSTRANS 2015-04-03 11:38:59 -07:00
zpl_inode.c Extend PF_FSTRANS critical regions 2015-04-24 09:54:22 -07:00
zpl_super.c Extend PF_FSTRANS critical regions 2015-04-24 09:54:22 -07:00
zpl_xattr.c Mark additional functions as PF_FSTRANS 2015-04-17 09:35:24 -07:00
zrlock.c Illumos 5812 - assertion failed in zrl_tryenter(): zr_owner==NULL 2015-04-30 14:43:40 -07:00
zvol.c Set the maximum ZVOL transfer size correctly 2015-03-25 11:58:42 -07:00