zfs/lib/libzfs
Rob N d0aa9dbccf
Use memset to zero stack allocations containing unions

C99 6.7.8.17 says that when an undesignated initialiser is used, only
the first element of a union is initialised. If the first element is not
the largest within the union, how the remaining space is initialised is
up to the compiler.

GCC extends the initialiser to the entire union, while Clang treats the
remainder as padding, and so initialises according to whatever
automatic/implicit initialisation rules are currently active.

When Linux is compiled with CONFIG_INIT_STACK_ALL_PATTERN,
-ftrivial-auto-var-init=pattern is added to the kernel CFLAGS. This flag
sets the policy for automatic/implicit initialisation of variables on
the stack.

Taken together, this means that when compiling under
CONFIG_INIT_STACK_ALL_PATTERN on Clang, the "zero" initialiser will only
zero the first element in a union, and the rest will be filled with a
pattern. This is significant for aes_ctx_t, which in
aes_encrypt_atomic() and aes_decrypt_atomic() is initialised to zero,
but then used as a gcm_ctx_t, which is the fifth element in the union,
and thus gets pattern initialisation. Later, it's assumed to be zero,
resulting in a hang.

As confusing and undiscoverable as it is, by the spec, we are at fault
when we initialise a structure containing a union with the zero
initializer. As such, this commit replaces these uses with an explicit
memset(0).

Sponsored-by: Klara, Inc.
Sponsored-by: Wasabi Technology, Inc.
Reviewed-by: Tino Reichardt <milky-zfs@mcmilk.de>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Rob Norris <rob.norris@klarasystems.com>
Closes #16135
Closes #16206
2024-05-24 19:00:29 -07:00
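The initialisation difference described in the commit message above, as an added example that is not code from OpenZFS or from this commit. `demo_ctx_t` and its members are hypothetical stand-ins for a context union such as aes_ctx_t, and the 0xAA fill byte is an assumed stand-in for the compiler's pattern.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical context union: the first member is NOT the largest one. */
typedef union demo_ctx {
	uint8_t simple_mode;	/* first member, 1 byte */
	struct { uint64_t processed_len; uint8_t iv[16]; } wide_mode;
} demo_ctx_t;

/* Count non-zero bytes in an object's representation. */
static size_t nonzero_bytes(const unsigned char *b, size_t len)
{
	size_t n = 0;
	while (len--)
		n += (*b++ != 0);
	return n;
}

/* "Before": only simple_mode is guaranteed zero; the rest is compiler policy. */
size_t nonzero_after_brace_init(void)
{
	demo_ctx_t ctx = { 0 };
	return nonzero_bytes((const unsigned char *)&ctx, sizeof(ctx));
}

/* "After": explicit memset zeroes every byte, whichever member is used later. */
size_t nonzero_after_memset(void)
{
	demo_ctx_t ctx;
	memset(&ctx, 0, sizeof(ctx));
	return nonzero_bytes((const unsigned char *)&ctx, sizeof(ctx));
}

/* Simulation of the failing case: pattern fill, then only the first member zeroed. */
size_t nonzero_simulated_pattern(void)
{
	demo_ctx_t ctx;
	memset(&ctx, 0xAA, sizeof(ctx));		/* assumed fill byte */
	memset(&ctx, 0, sizeof(ctx.simple_mode));	/* first member only */
	return nonzero_bytes((const unsigned char *)&ctx, sizeof(ctx));
}

int main(void)
{
	printf("non-zero bytes: brace=%zu memset=%zu simulated=%zu\n",
	    nonzero_after_brace_init(), nonzero_after_memset(),
	    nonzero_simulated_pattern());
	return 0;
}
```

The brace-initialised count is the only one that depends on the toolchain; building with Clang and -ftrivial-auto-var-init=pattern shows what that compiler does with it.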
os Replace P2ALIGN with P2ALIGN_TYPED and delete P2ALIGN. 2024-05-10 08:47:21 -07:00
.gitignore Clean up lib dependencies 2020-07-10 14:26:00 -07:00
Makefile.am libzfs: sendrecv: send_progress_thread: handle SIGINFO/SIGUSR1 2023-08-08 09:35:35 -07:00
THIRDPARTYLICENSE.openssl Fix typos in lib/ 2019-09-02 17:53:27 -07:00
THIRDPARTYLICENSE.openssl.descrip Encryption patch follow-up 2017-10-11 16:54:48 -04:00
libzfs.abi libspl: lift backtrace into a separate file 2024-05-14 09:48:45 -07:00
libzfs.pc.in Spruce up pkg-config files for libzfs/libzfs_core 2020-09-04 11:11:18 -07:00
libzfs.suppr Library ABI tracking with abigail 2020-11-17 09:18:52 -08:00
libzfs_changelist.c Add '-u' - nomount flag for zfs set 2023-10-02 16:58:54 -07:00
libzfs_config.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
libzfs_crypto.c libzfs: use zfs_strerror() in place of strerror() 2024-01-29 09:54:57 -08:00
libzfs_dataset.c Overflowing refreservation is bad 2024-04-29 11:32:49 -07:00
libzfs_diff.c libzfs: use zfs_strerror() in place of strerror() 2024-01-29 09:54:57 -08:00
libzfs_impl.h nvpair: Constify string functions 2023-03-14 15:25:50 -07:00
libzfs_import.c Fix "out of memory" error 2024-01-12 12:35:29 -08:00
libzfs_iter.c libzfs: add v2 iterator interfaces 2023-04-10 11:53:02 -07:00
libzfs_mount.c Better control the thread pool size when mounting datasets 2024-05-14 09:36:21 -07:00
libzfs_pool.c Fix locale-specific time 2024-04-08 15:37:41 -07:00
libzfs_sendrecv.c Use memset to zero stack allocations containing unions 2024-05-24 19:00:29 -07:00
libzfs_status.c nvpair: Constify string functions 2023-03-14 15:25:50 -07:00
libzfs_util.c Add ashift validation when adding devices to a pool 2024-03-29 13:15:56 -06:00