Archive-Team
/
zfs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 103 Wiki Activity

Fix an uninitialized data access 

zfs_acl_node_alloc allocates an uninitialized data buffer, but upstack
zfs_acl_chmod only partially initializes it.  KMSAN reported that this
memory remained uninitialized at the point when it was read by
lzjb_compress, which suggests a possible kernel memory disclosure bug.

The full KMSAN warning may be found in the PR.
https://github.com/openzfs/zfs/pull/16511

Signed-off-by:	Alan Somers <asomers@gmail.com>
Sponsored by:	Axcient
This commit is contained in:
Alan Somers 2024-09-05 15:34:03 -06:00
parent 17dd66deda
commit 361e11969f
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
module/os/freebsd/zfs/zfs_acl.c
View File

@ -473,7 +473,7 @@ zfs_acl_node_alloc(size_t bytes)
aclnode = kmem_zalloc(sizeof (zfs_acl_node_t), KM_SLEEP); aclnode = kmem_zalloc(sizeof (zfs_acl_node_t), KM_SLEEP);
if (bytes) { if (bytes) {
aclnode->z_acldata = kmem_alloc(bytes, KM_SLEEP); aclnode->z_acldata = kmem_zalloc(bytes, KM_SLEEP);
aclnode->z_allocdata = aclnode->z_acldata; aclnode->z_allocdata = aclnode->z_acldata;
aclnode->z_allocsize = bytes; aclnode->z_allocsize = bytes;
aclnode->z_size = bytes; aclnode->z_size = bytes;

2
module/os/linux/zfs/zfs_acl.c
View File

@ -471,7 +471,7 @@ zfs_acl_node_alloc(size_t bytes)
aclnode = kmem_zalloc(sizeof (zfs_acl_node_t), KM_SLEEP); aclnode = kmem_zalloc(sizeof (zfs_acl_node_t), KM_SLEEP);
if (bytes) { if (bytes) {
aclnode->z_acldata = kmem_alloc(bytes, KM_SLEEP); aclnode->z_acldata = kmem_zalloc(bytes, KM_SLEEP);
aclnode->z_allocdata = aclnode->z_acldata; aclnode->z_allocdata = aclnode->z_acldata;
aclnode->z_allocsize = bytes; aclnode->z_allocsize = bytes;
aclnode->z_size = bytes; aclnode->z_size = bytes;