Zero pad bytes when allocating a ZIL record

When allocating a record, we round up the allocation size to a multiple
of 8.  In this case, any padding bytes should be zeroed, otherwise the
contents of uninitialized memory are written to the ZIL.

This was found using KMSAN.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Mark Johnston <markj@FreeBSD.org>
Closes #12383
This commit is contained in:
Mark Johnston 2021-07-16 09:34:54 -04:00 committed by Tony Hutter
parent 900a444107
commit d6dc79eabc
1 changed files with 4 additions and 3 deletions

View File

@ -1783,18 +1783,19 @@ cont:
} }
itx_t * itx_t *
zil_itx_create(uint64_t txtype, size_t lrsize) zil_itx_create(uint64_t txtype, size_t olrsize)
{ {
size_t itxsize; size_t itxsize, lrsize;
itx_t *itx; itx_t *itx;
lrsize = P2ROUNDUP_TYPED(lrsize, sizeof (uint64_t), size_t); lrsize = P2ROUNDUP_TYPED(olrsize, sizeof (uint64_t), size_t);
itxsize = offsetof(itx_t, itx_lr) + lrsize; itxsize = offsetof(itx_t, itx_lr) + lrsize;
itx = zio_data_buf_alloc(itxsize); itx = zio_data_buf_alloc(itxsize);
itx->itx_lr.lrc_txtype = txtype; itx->itx_lr.lrc_txtype = txtype;
itx->itx_lr.lrc_reclen = lrsize; itx->itx_lr.lrc_reclen = lrsize;
itx->itx_lr.lrc_seq = 0; /* defensive */ itx->itx_lr.lrc_seq = 0; /* defensive */
bzero((char *)&itx->itx_lr + olrsize, lrsize - olrsize);
itx->itx_sync = B_TRUE; /* default is synchronous */ itx->itx_sync = B_TRUE; /* default is synchronous */
itx->itx_callback = NULL; itx->itx_callback = NULL;
itx->itx_callback_data = NULL; itx->itx_callback_data = NULL;