2020-04-14 18:36:28 +00:00
|
|
|
/*
|
2020-06-10 04:24:09 +00:00
|
|
|
* CDDL HEADER START
|
2020-04-14 18:36:28 +00:00
|
|
|
*
|
|
|
|
* The contents of this file are subject to the terms of the
|
|
|
|
* Common Development and Distribution License (the "License").
|
|
|
|
* You may not use this file except in compliance with the License.
|
|
|
|
*
|
|
|
|
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
2022-07-11 21:16:13 +00:00
|
|
|
* or https://opensource.org/licenses/CDDL-1.0.
|
2020-04-14 18:36:28 +00:00
|
|
|
* See the License for the specific language governing permissions
|
|
|
|
* and limitations under the License.
|
|
|
|
*
|
|
|
|
* When distributing Covered Code, include this CDDL HEADER in each
|
|
|
|
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
|
|
|
* If applicable, add the following below this CDDL HEADER, with the
|
|
|
|
* fields enclosed by brackets "[]" replaced with your own identifying
|
|
|
|
* information: Portions Copyright [yyyy] [name of copyright owner]
|
|
|
|
*
|
|
|
|
* CDDL HEADER END
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Copyright (c) 2013 Martin Matuska <mm@FreeBSD.org>. All rights reserved.
|
|
|
|
*/
|
2021-05-15 11:00:05 +00:00
|
|
|
#include "../../libzfs_impl.h"
|
2020-04-14 18:36:28 +00:00
|
|
|
#include <libzfs.h>
|
|
|
|
#include <libzutil.h>
|
|
|
|
#include <sys/sysctl.h>
|
|
|
|
#include <libintl.h>
|
|
|
|
#include <sys/linker.h>
|
|
|
|
#include <sys/module.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <sys/param.h>
|
|
|
|
|
2020-08-11 20:49:50 +00:00
|
|
|
#ifdef IN_BASE
|
|
|
|
#define ZFS_KMOD "zfs"
|
|
|
|
#else
|
|
|
|
#define ZFS_KMOD "openzfs"
|
|
|
|
#endif
|
|
|
|
|
2020-04-14 18:36:28 +00:00
|
|
|
|
|
|
|
static int
|
|
|
|
execvPe(const char *name, const char *path, char * const *argv,
|
|
|
|
char * const *envp)
|
|
|
|
{
|
|
|
|
const char **memp;
|
|
|
|
size_t cnt, lp, ln;
|
|
|
|
int eacces, save_errno;
|
2021-05-26 17:03:47 +00:00
|
|
|
char buf[MAXPATHLEN];
|
|
|
|
const char *bp, *np, *op, *p;
|
2020-04-14 18:36:28 +00:00
|
|
|
struct stat sb;
|
|
|
|
|
|
|
|
eacces = 0;
|
|
|
|
|
|
|
|
/* If it's an absolute or relative path name, it's easy. */
|
|
|
|
if (strchr(name, '/')) {
|
|
|
|
bp = name;
|
2021-05-26 17:03:47 +00:00
|
|
|
op = NULL;
|
2020-04-14 18:36:28 +00:00
|
|
|
goto retry;
|
|
|
|
}
|
|
|
|
bp = buf;
|
|
|
|
|
|
|
|
/* If it's an empty path name, fail in the usual POSIX way. */
|
|
|
|
if (*name == '\0') {
|
|
|
|
errno = ENOENT;
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
|
2021-05-26 17:03:47 +00:00
|
|
|
op = path;
|
|
|
|
ln = strlen(name);
|
|
|
|
while (op != NULL) {
|
|
|
|
np = strchrnul(op, ':');
|
|
|
|
|
2020-04-14 18:36:28 +00:00
|
|
|
/*
|
|
|
|
* It's a SHELL path -- double, leading and trailing colons
|
|
|
|
* mean the current directory.
|
|
|
|
*/
|
2021-05-26 17:03:47 +00:00
|
|
|
if (np == op) {
|
|
|
|
/* Empty component. */
|
2020-04-14 18:36:28 +00:00
|
|
|
p = ".";
|
|
|
|
lp = 1;
|
2021-05-26 17:03:47 +00:00
|
|
|
} else {
|
|
|
|
/* Non-empty component. */
|
|
|
|
p = op;
|
|
|
|
lp = np - op;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Advance to the next component or terminate after this. */
|
|
|
|
if (*np == '\0')
|
|
|
|
op = NULL;
|
|
|
|
else
|
|
|
|
op = np + 1;
|
2020-04-14 18:36:28 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* If the path is too long complain. This is a possible
|
|
|
|
* security issue; given a way to make the path too long
|
|
|
|
* the user may execute the wrong program.
|
|
|
|
*/
|
|
|
|
if (lp + ln + 2 > sizeof (buf)) {
|
|
|
|
(void) write(STDERR_FILENO, "execvP: ", 8);
|
|
|
|
(void) write(STDERR_FILENO, p, lp);
|
|
|
|
(void) write(STDERR_FILENO, ": path too long\n",
|
|
|
|
16);
|
|
|
|
continue;
|
|
|
|
}
|
2022-02-25 13:26:54 +00:00
|
|
|
memcpy(buf, p, lp);
|
2020-04-14 18:36:28 +00:00
|
|
|
buf[lp] = '/';
|
2022-02-25 13:26:54 +00:00
|
|
|
memcpy(buf + lp + 1, name, ln);
|
2020-04-14 18:36:28 +00:00
|
|
|
buf[lp + ln + 1] = '\0';
|
|
|
|
|
|
|
|
retry: (void) execve(bp, argv, envp);
|
|
|
|
switch (errno) {
|
|
|
|
case E2BIG:
|
|
|
|
goto done;
|
|
|
|
case ELOOP:
|
|
|
|
case ENAMETOOLONG:
|
|
|
|
case ENOENT:
|
|
|
|
break;
|
|
|
|
case ENOEXEC:
|
|
|
|
for (cnt = 0; argv[cnt]; ++cnt)
|
|
|
|
;
|
2021-05-26 17:03:47 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* cnt may be 0 above; always allocate at least
|
|
|
|
* 3 entries so that we can at least fit "sh", bp, and
|
|
|
|
* the NULL terminator. We can rely on cnt to take into
|
|
|
|
* account the NULL terminator in all other scenarios,
|
|
|
|
* as we drop argv[0].
|
|
|
|
*/
|
|
|
|
memp = alloca(MAX(3, cnt + 2) * sizeof (char *));
|
2020-04-14 18:36:28 +00:00
|
|
|
if (memp == NULL) {
|
|
|
|
/* errno = ENOMEM; XXX override ENOEXEC? */
|
|
|
|
goto done;
|
|
|
|
}
|
2021-05-26 17:03:47 +00:00
|
|
|
if (cnt > 0) {
|
|
|
|
memp[0] = argv[0];
|
|
|
|
memp[1] = bp;
|
2022-02-25 13:26:54 +00:00
|
|
|
memcpy(memp + 2, argv + 1,
|
2021-05-26 17:03:47 +00:00
|
|
|
cnt * sizeof (char *));
|
|
|
|
} else {
|
|
|
|
memp[0] = "sh";
|
|
|
|
memp[1] = bp;
|
|
|
|
memp[2] = NULL;
|
|
|
|
}
|
|
|
|
(void) execve(_PATH_BSHELL,
|
|
|
|
__DECONST(char **, memp), envp);
|
2020-04-14 18:36:28 +00:00
|
|
|
goto done;
|
|
|
|
case ENOMEM:
|
|
|
|
goto done;
|
|
|
|
case ENOTDIR:
|
|
|
|
break;
|
|
|
|
case ETXTBSY:
|
|
|
|
/*
|
|
|
|
* We used to retry here, but sh(1) doesn't.
|
|
|
|
*/
|
|
|
|
goto done;
|
|
|
|
default:
|
|
|
|
/*
|
|
|
|
* EACCES may be for an inaccessible directory or
|
|
|
|
* a non-executable file. Call stat() to decide
|
|
|
|
* which. This also handles ambiguities for EFAULT
|
|
|
|
* and EIO, and undocumented errors like ESTALE.
|
|
|
|
* We hope that the race for a stat() is unimportant.
|
|
|
|
*/
|
|
|
|
save_errno = errno;
|
|
|
|
if (stat(bp, &sb) != 0)
|
|
|
|
break;
|
|
|
|
if (save_errno == EACCES) {
|
|
|
|
eacces = 1;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
errno = save_errno;
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (eacces)
|
|
|
|
errno = EACCES;
|
|
|
|
else
|
|
|
|
errno = ENOENT;
|
|
|
|
done:
|
|
|
|
return (-1);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
execvpe(const char *name, char * const argv[], char * const envp[])
|
|
|
|
{
|
|
|
|
const char *path;
|
|
|
|
|
|
|
|
/* Get the path we're searching. */
|
|
|
|
if ((path = getenv("PATH")) == NULL)
|
|
|
|
path = _PATH_DEFPATH;
|
|
|
|
|
|
|
|
return (execvPe(name, path, argv, envp));
|
|
|
|
}
|
|
|
|
|
2020-12-14 17:28:24 +00:00
|
|
|
static __thread char errbuf[ERRBUFLEN];
|
2020-10-13 16:38:40 +00:00
|
|
|
|
2020-04-14 18:36:28 +00:00
|
|
|
const char *
|
|
|
|
libzfs_error_init(int error)
|
|
|
|
{
|
2020-10-13 16:38:40 +00:00
|
|
|
char *msg = errbuf;
|
2022-02-21 03:20:00 +00:00
|
|
|
size_t msglen = sizeof (errbuf);
|
2020-04-14 18:36:28 +00:00
|
|
|
|
2020-10-13 16:38:40 +00:00
|
|
|
if (modfind("zfs") < 0) {
|
Introduce kmem_scnprintf()
`snprintf()` is meant to protect against buffer overflows, but operating
on the buffer using its return value, possibly by calling it again, can
cause a buffer overflow, because it will return how many characters it
would have written if it had enough space even when it did not. In a
number of places, we repeatedly call snprintf() by successively
incrementing a buffer offset and decrementing a buffer length, by its
return value. This is a potentially unsafe usage of `snprintf()`
whenever the buffer length is reached. CodeQL complained about this.
To fix this, we introduce `kmem_scnprintf()`, which will return 0 when
the buffer is zero or the number of written characters, minus 1 to
exclude the NULL character, when the buffer was too small. In all other
cases, it behaves like snprintf(). The name is inspired by the Linux and
XNU kernels' `scnprintf()`. The implementation was written before I
thought to look at `scnprintf()` and had a good name for it, but it
turned out to have identical semantics to the Linux kernel version.
That lead to the name, `kmem_scnprintf()`.
CodeQL only catches this issue in loops, so repeated use of snprintf()
outside of a loop was not caught. As a result, a thorough audit of the
codebase was done to examine all instances of `snprintf()` usage for
potential problems and a few were caught. Fixes for them are included in
this patch.
Unfortunately, ZED is one of the places where `snprintf()` is
potentially used incorrectly. Since using `kmem_scnprintf()` in it would
require changing how it is linked, we modify its usage to make it safe,
no matter what buffer length is used. In addition, there was a bug in
the use of the return value where the NULL format character was not
being written by pwrite(). That has been fixed.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #14098
2022-10-27 18:16:04 +00:00
|
|
|
size_t len = kmem_scnprintf(msg, msglen, dgettext(TEXT_DOMAIN,
|
2020-10-13 16:38:40 +00:00
|
|
|
"Failed to load %s module: "), ZFS_KMOD);
|
|
|
|
msg += len;
|
|
|
|
msglen -= len;
|
|
|
|
}
|
|
|
|
|
|
|
|
(void) snprintf(msg, msglen, "%s", strerror(error));
|
|
|
|
|
|
|
|
return (errbuf);
|
2020-04-14 18:36:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
zfs_ioctl(libzfs_handle_t *hdl, int request, zfs_cmd_t *zc)
|
|
|
|
{
|
2021-10-07 17:31:26 +00:00
|
|
|
return (lzc_ioctl_fd(hdl->libzfs_fd, request, zc));
|
2020-04-14 18:36:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Verify the required ZFS_DEV device is available and optionally attempt
|
|
|
|
* to load the ZFS modules. Under normal circumstances the modules
|
|
|
|
* should already have been loaded by some external mechanism.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
libzfs_load_module(void)
|
|
|
|
{
|
2020-08-11 20:49:50 +00:00
|
|
|
/*
|
|
|
|
* XXX: kldfind(ZFS_KMOD) would be nice here, but we retain
|
|
|
|
* modfind("zfs") so out-of-base openzfs userland works with the
|
|
|
|
* in-base module.
|
|
|
|
*/
|
2020-04-14 18:36:28 +00:00
|
|
|
if (modfind("zfs") < 0) {
|
|
|
|
/* Not present in kernel, try loading it. */
|
2020-08-11 20:49:50 +00:00
|
|
|
if (kldload(ZFS_KMOD) < 0 && errno != EEXIST) {
|
2020-04-14 18:36:28 +00:00
|
|
|
return (errno);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
zpool_relabel_disk(libzfs_handle_t *hdl, const char *path, const char *msg)
|
|
|
|
{
|
2022-02-16 12:09:27 +00:00
|
|
|
(void) hdl, (void) path, (void) msg;
|
2020-04-14 18:36:28 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2020-06-06 19:54:04 +00:00
|
|
|
zpool_label_disk(libzfs_handle_t *hdl, zpool_handle_t *zhp, const char *name)
|
2020-04-14 18:36:28 +00:00
|
|
|
{
|
2022-02-16 12:09:27 +00:00
|
|
|
(void) hdl, (void) zhp, (void) name;
|
2020-04-14 18:36:28 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
find_shares_object(differ_info_t *di)
|
|
|
|
{
|
2022-02-16 12:09:27 +00:00
|
|
|
(void) di;
|
2020-04-14 18:36:28 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2021-09-20 15:29:59 +00:00
|
|
|
int
|
|
|
|
zfs_destroy_snaps_nvl_os(libzfs_handle_t *hdl, nvlist_t *snaps)
|
|
|
|
{
|
2022-02-16 12:09:27 +00:00
|
|
|
(void) hdl, (void) snaps;
|
2021-09-20 15:29:59 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2020-04-14 18:36:28 +00:00
|
|
|
/*
|
|
|
|
* Attach/detach the given filesystem to/from the given jail.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
zfs_jail(zfs_handle_t *zhp, int jailid, int attach)
|
|
|
|
{
|
|
|
|
libzfs_handle_t *hdl = zhp->zfs_hdl;
|
2020-07-10 00:47:12 +00:00
|
|
|
zfs_cmd_t zc = {"\0"};
|
2020-04-14 18:36:28 +00:00
|
|
|
unsigned long cmd;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (attach) {
|
|
|
|
(void) snprintf(errbuf, sizeof (errbuf),
|
|
|
|
dgettext(TEXT_DOMAIN, "cannot jail '%s'"), zhp->zfs_name);
|
|
|
|
} else {
|
|
|
|
(void) snprintf(errbuf, sizeof (errbuf),
|
|
|
|
dgettext(TEXT_DOMAIN, "cannot unjail '%s'"), zhp->zfs_name);
|
|
|
|
}
|
|
|
|
|
|
|
|
switch (zhp->zfs_type) {
|
|
|
|
case ZFS_TYPE_VOLUME:
|
|
|
|
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
|
|
|
|
"volumes can not be jailed"));
|
|
|
|
return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
|
|
|
|
case ZFS_TYPE_SNAPSHOT:
|
|
|
|
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
|
|
|
|
"snapshots can not be jailed"));
|
|
|
|
return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
|
|
|
|
case ZFS_TYPE_BOOKMARK:
|
|
|
|
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
|
|
|
|
"bookmarks can not be jailed"));
|
|
|
|
return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
|
2021-11-30 14:46:25 +00:00
|
|
|
case ZFS_TYPE_VDEV:
|
|
|
|
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
|
|
|
|
"vdevs can not be jailed"));
|
|
|
|
return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
|
2022-02-21 03:20:00 +00:00
|
|
|
case ZFS_TYPE_INVALID:
|
|
|
|
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
|
|
|
|
"invalid zfs_type_t: ZFS_TYPE_INVALID"));
|
|
|
|
return (zfs_error(hdl, EZFS_BADTYPE, errbuf));
|
2020-04-14 18:36:28 +00:00
|
|
|
case ZFS_TYPE_POOL:
|
|
|
|
case ZFS_TYPE_FILESYSTEM:
|
|
|
|
/* OK */
|
|
|
|
;
|
|
|
|
}
|
|
|
|
assert(zhp->zfs_type == ZFS_TYPE_FILESYSTEM);
|
|
|
|
|
|
|
|
(void) strlcpy(zc.zc_name, zhp->zfs_name, sizeof (zc.zc_name));
|
|
|
|
zc.zc_objset_type = DMU_OST_ZFS;
|
|
|
|
zc.zc_zoneid = jailid;
|
|
|
|
|
|
|
|
cmd = attach ? ZFS_IOC_JAIL : ZFS_IOC_UNJAIL;
|
2020-08-01 15:44:54 +00:00
|
|
|
if ((ret = zfs_ioctl(hdl, cmd, &zc)) != 0)
|
2020-04-14 18:36:28 +00:00
|
|
|
zfs_standard_error(hdl, errno, errbuf);
|
|
|
|
|
|
|
|
return (ret);
|
|
|
|
}
|
|
|
|
|
2020-07-06 18:57:24 +00:00
|
|
|
/*
|
|
|
|
* Set loader options for next boot.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
zpool_nextboot(libzfs_handle_t *hdl, uint64_t pool_guid, uint64_t dev_guid,
|
|
|
|
const char *command)
|
|
|
|
{
|
2020-07-10 00:47:12 +00:00
|
|
|
zfs_cmd_t zc = {"\0"};
|
2020-07-06 18:57:24 +00:00
|
|
|
nvlist_t *args;
|
|
|
|
|
|
|
|
args = fnvlist_alloc();
|
|
|
|
fnvlist_add_uint64(args, ZPOOL_CONFIG_POOL_GUID, pool_guid);
|
|
|
|
fnvlist_add_uint64(args, ZPOOL_CONFIG_GUID, dev_guid);
|
|
|
|
fnvlist_add_string(args, "command", command);
|
2022-03-16 18:51:28 +00:00
|
|
|
zcmd_write_src_nvlist(hdl, &zc, args);
|
|
|
|
int error = zfs_ioctl(hdl, ZFS_IOC_NEXTBOOT, &zc);
|
2020-07-06 18:57:24 +00:00
|
|
|
zcmd_free_nvlists(&zc);
|
|
|
|
nvlist_free(args);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2020-04-14 18:36:28 +00:00
|
|
|
/*
|
2022-04-14 22:00:02 +00:00
|
|
|
* Return allocated loaded module version, or NULL on error (with errno set)
|
2020-04-14 18:36:28 +00:00
|
|
|
*/
|
2022-04-14 22:00:02 +00:00
|
|
|
char *
|
|
|
|
zfs_version_kernel(void)
|
2020-04-14 18:36:28 +00:00
|
|
|
{
|
2022-04-14 22:00:02 +00:00
|
|
|
size_t l;
|
|
|
|
if (sysctlbyname("vfs.zfs.version.module",
|
|
|
|
NULL, &l, NULL, 0) == -1)
|
|
|
|
return (NULL);
|
|
|
|
char *version = malloc(l);
|
|
|
|
if (version == NULL)
|
|
|
|
return (NULL);
|
|
|
|
if (sysctlbyname("vfs.zfs.version.module",
|
|
|
|
version, &l, NULL, 0) == -1) {
|
|
|
|
free(version);
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
return (version);
|
2020-04-14 18:36:28 +00:00
|
|
|
}
|