zfs/cmd
Richard Yao 73968defdd
Reject streams that set ->drr_payloadlen to unreasonably large values
In the zstream code, Coverity reported:

"The argument could be controlled by an attacker, who could invoke the
function with arbitrary values (for example, a very high or negative
buffer size)."

It did not report this in the kernel. This is likely because the
userspace code stored this in an int before passing it into the
allocator, while the kernel code stored it in a uint32_t.

However, this did reveal a potentially real problem. On 32-bit systems
and systems with only 4GB of physical memory or less in general, it is
possible to pass a large enough value that the system will hang. Even
worse, on Linux systems, the kernel memory allocator is not able to
support allocations up to the maximum 4GB allocation size that this
allows.

This had already been limited in userspace to 64MB by
`ZFS_SENDRECV_MAX_NVLIST`, but we need a hard limit in the kernel to
protect systems. After some discussion, we settle on 256MB as a hard
upper limit. Attempting to receive a stream that requires more memory
than that will result in E2BIG being returned to user space.

Reported-by: Coverity (CID-1529836)
Reported-by: Coverity (CID-1529837)
Reported-by: Coverity (CID-1529838)
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #14285
2023-01-23 13:16:22 -08:00
..
raidz_test Fix multiplication converted to larger type 2022-10-28 09:30:37 -07:00
zdb Revert "zdb: zdb_ddt_leak_init() reads uninitialized memory..." 2022-12-21 09:17:00 -08:00
zed Configure zed's diagnosis engine with vdev properties 2023-01-23 13:14:25 -08:00
zfs Use setproctitle to report progress of zfs send 2023-01-17 10:17:35 -08:00
zinject Fix unsafe string operations 2022-09-27 16:47:24 -07:00
zpool zpool-set: print error message when pool or vdev is not valid 2023-01-17 09:47:24 -08:00
zpool_influxdb Fix unchecked return values 2022-09-29 09:02:57 -07:00
zstream Reject streams that set ->drr_payloadlen to unreasonably large values 2023-01-23 13:16:22 -08:00
Makefile.am Add zilstat script to report zil kstats in a user friendly manner 2022-09-02 13:24:07 -07:00
arc_summary Update arc_summary and arcstat outputs 2023-01-05 09:29:13 -08:00
arcstat.in Update arc_summary and arcstat outputs 2023-01-05 09:29:13 -08:00
dbufstat.in Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
fsck.zfs.in cmd: move single-file binaries up, extract udev programs to udev/ 2022-05-10 10:20:34 -07:00
mount_zfs.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zfs_ids_to_path.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zgenhostid.c Replace dead opensolaris.org license link 2022-07-11 14:16:13 -07:00
zhack.c Cleanup: zhack should not declare function prototypes in main() 2022-12-08 13:51:24 -08:00
zilstat.in Add zilstat script to report zil kstats in a user friendly manner 2022-09-02 13:24:07 -07:00
ztest.c ztest: update ztest_dmu_snapshot_create_destroy() 2023-01-10 13:27:48 -08:00
zvol_wait zvol_wait logic may terminate prematurely 2022-10-11 12:12:04 -07:00