mirror_zfs/include/sys
Richard Yao 97143b9d31 Introduce kmem_scnprintf()
`snprintf()` is meant to protect against buffer overflows, but operating
on the buffer using its return value, possibly by calling it again, can
cause a buffer overflow, because it will return how many characters it
would have written if it had enough space even when it did not. In a
number of places, we repeatedly call snprintf() by successively
incrementing a buffer offset and decrementing a buffer length, by its
return value. This is a potentially unsafe usage of `snprintf()`
whenever the buffer length is reached. CodeQL complained about this.

To fix this, we introduce `kmem_scnprintf()`, which will return 0 when
the buffer is zero or the number of written characters, minus 1 to
exclude the NULL character, when the buffer was too small. In all other
cases, it behaves like snprintf(). The name is inspired by the Linux and
XNU kernels' `scnprintf()`. The implementation was written before I
thought to look at `scnprintf()` and had a good name for it, but it
turned out to have identical semantics to the Linux kernel version.
That led to the name, `kmem_scnprintf()`.

CodeQL only catches this issue in loops, so repeated use of snprintf()
outside of a loop was not caught. As a result, a thorough audit of the
codebase was done to examine all instances of `snprintf()` usage for
potential problems and a few were caught. Fixes for them are included in
this patch.

Unfortunately, ZED is one of the places where `snprintf()` is
potentially used incorrectly. Since using `kmem_scnprintf()` in it would
require changing how it is linked, we modify its usage to make it safe,
no matter what buffer length is used. In addition, there was a bug in
the use of the return value where the NULL format character was not
being written by pwrite(). That has been fixed.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #14098
2022-10-29 13:05:11 -07:00
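The return-value behaviour the commit message describes, as an added userland example (not code from OpenZFS or from this commit). `demo_scnprintf()`, the sample strings and the 16-byte buffer are hypothetical stand-ins, and the unsafe pattern is only measured, never allowed to write out of bounds.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample input: 38 characters formatted into a 16-byte buffer. */
static const char *parts[] = { "pool=tank ", "vdev=mirror-0 ", "state=DEGRADED" };
static char demo_buf[16];

/* Hypothetical stand-in with the semantics the commit message describes. */
static int demo_scnprintf(char *buf, size_t size, const char *fmt, ...)
{
	va_list ap;
	int n;
	if (size == 0)
		return (0);
	va_start(ap, fmt);
	n = vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	if (n < 0)	/* assumption: treat an output error as nothing written */
		return (0);
	return ((size_t)n >= size ? (int)(size - 1) : n);
}

/* Offset reached by "off += snprintf(buf + off, size - off, ...)". Past the end
 * the real pattern would write out of bounds, so this only measures (NULL, 0). */
static size_t naive_end_offset(char *buf, size_t size)
{
	size_t off = 0;
	for (int i = 0; i < 3; i++)
		off += (size_t)snprintf(off < size ? buf + off : NULL,
		    off < size ? size - off : 0, "%s", parts[i]);
	return (off);
}

/* Same loop with the clamped return value: off can never pass size - 1. */
static size_t safe_end_offset(char *buf, size_t size)
{
	size_t off = 0;
	for (int i = 0; i < 3; i++)
		off += (size_t)demo_scnprintf(buf + off, size - off, "%s", parts[i]);
	return (off);
}

int main(void)
{
	printf("naive off=%zu safe off=%zu\n", naive_end_offset(demo_buf, 16),
	    safe_end_offset(demo_buf, 16));
	return (0);
}
```

With plain `snprintf()` the accumulated offset ends up past the end of the buffer, so `size - off` wraps as a `size_t`; with the clamped return value the offset stops at the terminator.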
..
crypto Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
fm Cleanup: Specify unsignedness on things that should not be signed 2022-09-27 16:42:41 -07:00
fs Add options to zfs redundant_metadata property 2022-10-19 17:07:51 -07:00
lua autoconf: single-step includes 2022-05-10 10:18:51 -07:00
sysevent zed: Fix config_sync autoexpand flood 2022-09-08 10:32:30 -07:00
zstd Unbreak zstd build on sparc64 2022-05-25 09:18:49 -07:00
abd_impl.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
abd.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
aggsum.h More aggsum optimizations 2021-06-07 09:02:47 -07:00
arc_impl.h Cleanup: 64-bit kernel module parameters should use fixed width types 2022-10-13 10:03:29 -07:00
arc.h Cleanup: Specify unsignedness on things that should not be signed 2022-09-27 16:42:41 -07:00
avl_impl.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
avl.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
bitops.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
blake3.h Fix BLAKE3 tuneable and module loading on Linux and FreeBSD 2022-09-16 14:25:53 -07:00
blkptr.h OpenZFS 8067 - zdb should be able to dump literal embedded block pointer 2017-07-07 11:28:01 -07:00
bplist.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
bpobj.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
bptree.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
bqueue.h zfs recv hangs if max recordsize is less than received recordsize 2022-09-16 13:52:25 -07:00
btree.h Optimize microzaps 2022-10-20 11:57:15 -07:00
dataset_kstats.h Add support for per dataset zil stats and use wmsum counters 2022-07-20 17:14:06 -07:00
dbuf.h Convert enum zio_flag to uint64_t 2022-10-27 09:54:54 -07:00
ddt.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dmu_impl.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dmu_objset.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dmu_recv.h Implement a new type of zfs receive: corrective receive (-c) 2022-07-28 15:52:46 -07:00
dmu_redact.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dmu_send.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dmu_traverse.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dmu_tx.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dmu_zfetch.h Cleanup: 64-bit kernel module parameters should use fixed width types 2022-10-13 10:03:29 -07:00
dmu.h Add options to zfs redundant_metadata property 2022-10-19 17:07:51 -07:00
dnode.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dsl_bookmark.h Remaining {=> const} char|void *tag 2022-06-29 14:08:59 -07:00
dsl_crypt.h Fix zpool status in case of unloaded keys 2022-08-22 17:42:01 -07:00
dsl_dataset.h Add zfs.sync.snapshot_rename 2022-09-02 13:31:19 -07:00
dsl_deadlist.h Cleanup: 64-bit kernel module parameters should use fixed width types 2022-10-13 10:03:29 -07:00
dsl_deleg.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dsl_destroy.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dsl_dir.h Add DD_FIELD string for snapshots_changed property 2022-09-02 13:33:50 -07:00
dsl_pool.h Cleanup: 64-bit kernel module parameters should use fixed width types 2022-10-13 10:03:29 -07:00
dsl_prop.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dsl_scan.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dsl_synctask.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
dsl_userhold.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
edonr.h OpenZFS 4185 - add new cryptographic checksums to ZFS: SHA-512, Skein, Edon-R 2016-10-03 14:51:15 -07:00
efi_partition.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
frame.h Linux 5.10 compat: frame.h renamed objtool.h 2020-11-02 22:01:10 +00:00
hkdf.h Encryption patch follow-up 2017-10-11 16:54:48 -04:00
metaslab_impl.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
metaslab.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
mmp.h Cleanup: 64-bit kernel module parameters should use fixed width types 2022-10-13 10:03:29 -07:00
mntent.h Expose ZFS dataset case sensitivity setting via sb_opts 2022-07-14 10:38:16 -07:00
mod.h linux: module: weld all but spl.ko into zfs.ko 2022-04-20 13:28:24 -07:00
multilist.h Re-embed multilist_t storage 2021-06-10 10:42:31 -06:00
nvpair_impl.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
nvpair.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
objlist.h Implement Redacted Send/Receive 2019-06-19 09:48:12 -07:00
pathname.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
qat.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
range_tree.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
rrwlock.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
sa_impl.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
sa.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
skein.h OpenZFS 4185 - add new cryptographic checksums to ZFS: SHA-512, Skein, Edon-R 2016-10-03 14:51:15 -07:00
spa_checkpoint.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
spa_checksum.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
spa_impl.h Cleanup: Specify unsignedness on things that should not be signed 2022-09-27 16:42:41 -07:00
spa_log_spacemap.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
spa.h Introduce kmem_scnprintf() 2022-10-29 13:05:11 -07:00
space_map.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
space_reftree.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
sysevent.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
txg_impl.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
txg.h Cleanup: Specify unsignedness on things that should not be signed 2022-09-27 16:42:41 -07:00
u8_textprep_data.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
u8_textprep.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
uberblock_impl.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
uberblock.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
uio_impl.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
unique.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
uuid.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_disk.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_draid.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_file.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_impl.h Cleanup: 64-bit kernel module parameters should use fixed width types 2022-10-13 10:03:29 -07:00
vdev_indirect_births.h OpenZFS 7614, 9064 - zfs device evacuation/removal 2018-04-14 12:16:17 -07:00
vdev_indirect_mapping.h OpenZFS 7614, 9064 - zfs device evacuation/removal 2018-04-14 12:16:17 -07:00
vdev_initialize.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_raidz_impl.h Cleanup Raid-Z Typo fixes 2022-09-06 09:43:21 -07:00
vdev_raidz.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_rebuild.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev_removal.h Cleanup: Specify unsignedness on things that should not be signed 2022-09-27 16:42:41 -07:00
vdev_trim.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
vdev.h zed: mark disks as REMOVED when they are removed 2022-09-28 09:48:46 -07:00
xvattr.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zap_impl.h Optimize microzaps 2022-10-20 11:57:15 -07:00
zap_leaf.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zap.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zcp_global.h OpenZFS 7431 - ZFS Channel Programs 2018-02-08 15:28:18 -08:00
zcp_iter.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zcp_prop.h OpenZFS 7431 - ZFS Channel Programs 2018-02-08 15:28:18 -08:00
zcp_set.h Support setting user properties in a channel program 2020-02-14 13:41:42 -08:00
zcp.h Cleanup: 64-bit kernel module parameters should use fixed width types 2022-10-13 10:03:29 -07:00
zfeature.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_acl.h Support idmapped mount 2022-10-19 11:17:09 -07:00
zfs_bootenv.h zfs label bootenv should store data as nvlist 2020-09-15 15:42:27 -07:00
zfs_chksum.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_context.h Introduce kmem_scnprintf() 2022-10-29 13:05:11 -07:00
zfs_debug.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_delay.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_file.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_fuid.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_ioctl_impl.h Cleanup: 64-bit kernel module parameters should use fixed width types 2022-10-13 10:03:29 -07:00
zfs_ioctl.h DMU_BACKUP_FEATURE: indicate that bit 28 and 29 are reserved 2022-09-27 16:55:32 -07:00
zfs_onexit.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_project.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_quota.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_racct.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_ratelimit.h Change checksum & IO delay ratelimit values 2018-03-04 17:34:51 -08:00
zfs_refcount.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_rlock.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_sa.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_stat.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_sysfs.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_vfsops.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_vnops.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_znode.h zfs_rename: support RENAME_* flags 2022-10-28 09:49:20 -07:00
zil_impl.h Add support for per dataset zil stats and use wmsum counters 2022-07-20 17:14:06 -07:00
zil.h zfs_rename: support RENAME_* flags 2022-10-28 09:49:20 -07:00
zio_checksum.h Fix double const qualifier declarations 2022-09-30 15:34:39 -07:00
zio_compress.h Fix double const qualifier declarations 2022-09-30 15:34:39 -07:00
zio_crypt.h Enable -Wwrite-strings 2022-06-29 14:08:54 -07:00
zio_impl.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zio_priority.h Add device rebuild feature 2020-07-03 11:05:50 -07:00
zio.h Convert enum zio_flag to uint64_t 2022-10-27 09:54:54 -07:00
zrlock.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zthr.h Avoid memory allocations in the ARC eviction thread 2022-01-21 10:28:13 -08:00
zvol_impl.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zvol.h Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00