zfsdev_getminor() should check for invalid file handles

Description

zfsdev_getminor() should check for invalid file handles

Unit testing at ClusterHQ found that passing an invalid file handle to
zfs_ioc_hold results in a NULL pointer dereference on a system without
assertions:

IP: [<ffffffffa0218aa0>] zfsdev_getminor+0x10/0x20 [zfs]
Call Trace:
[<ffffffffa021b4b0>] zfs_onexit_fd_hold+0x20/0x40 [zfs]
[<ffffffffa0214043>] zfs_ioc_hold+0x93/0xd0 [zfs]
[<ffffffffa0215890>] zfsdev_ioctl+0x200/0x500 [zfs]

An assertion would have caught this had assertions been enabled, but this is
something that the kernel module should handle without failing. We
resolve this by searching the linked list to ensure that the file
handle's private_data points to a valid zfsdev_state_t.

Signed-off-by: Richard Yao <ryao@gentoo.org>
Signed-off-by: Andriy Gapon <avg@FreeBSD.org>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3506
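
The check the commit message describes, as an added userspace sketch that is not the commit's own code: the handle's private_data is compared against each entry of a registered-state list and dereferenced only after a match. The types, the function names and the EBADF return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Userspace model. Types and names are assumptions, not the ZFS definitions. */
typedef struct state {
    struct state *next;
    int minor;
} state_t;

struct file {
    void *private_data;   /* set by the driver's open(); anything for a foreign fd */
};

static state_t *state_list;   /* every state the driver has handed out */

void state_register(state_t *s, int minor)
{
    s->minor = minor;
    s->next = state_list;
    state_list = s;
}

/* Failure mode from the commit message: private_data is trusted and
 * dereferenced, so a handle that is not ours faults here. */
int getminor_unchecked(const struct file *fp)
{
    return ((const state_t *)fp->private_data)->minor;
}

/* Hardened lookup: private_data is only compared against registered states,
 * never dereferenced, until it is proven to be one of them. */
int getminor_checked(const struct file *fp, int *minorp)
{
    const void *priv = fp->private_data;

    if (priv == NULL)
        return EBADF;
    for (const state_t *s = state_list; s != NULL; s = s->next) {
        if ((const void *)s == priv) {
            *minorp = s->minor;
            return 0;
        }
    }
    return EBADF;   /* error code is an assumption of this sketch */
}
```

The list walk costs O(n) per call, which is the price of never touching memory the driver did not allocate.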

Details

Provenance
Richard Yao <richard.yao@clusterhq.com> Authored on Apr 16 2015, 1:20 PM
Brian Behlendorf <behlendorf1@llnl.gov> Committed on Jun 23 2015, 12:02 AM
Parents
rG99b14de42104: Make metaslab_aliquot a module parameter.

Event Timeline

Brian Behlendorf <behlendorf1@llnl.gov> committed rG72540ea3148a: zfsdev_getminor() should check for invalid file handles (authored by Richard Yao <richard.yao@clusterhq.com>). Jun 23 2015, 12:02 AM