Archive-Team
/
zfs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 103 Wiki Activity
zfs/module
History
Richard Yao c9e237a7b2 Userspace can pass zero length segments via writev/readv 
Userspace can trigger an assertion by passing a zero-length segment
when assertions are enabled:

[27961.614792] VERIFY3(skip < iov->iov_len) failed (0 < 0)
[27961.614795] PANIC at zfs_uio.c:187:uio_prefaultpages()
[27961.614805] Call Trace:
[27961.614811]   dump_stack+0x45/0x57
[27961.614830]   spl_dumpstack+0x44/0x50 [spl]
[27961.614834]   spl_panic+0xbb/0x100 [spl]
[27961.614908]   uio_prefaultpages+0x134/0x140 [zcommon]
[27961.614930]   zfs_write+0x1fd/0xe80 [zfs]
[27961.615014]   zpl_write_common_iovec+0x7f/0x110 [zfs]
[27961.615035]   zpl_iter_write+0xa0/0xd0 [zfs]
[27961.615037]   do_iter_readv_writev+0x59/0x80
[27961.615063]   do_readv_writev+0x11b/0x260
[27961.615098]   vfs_writev+0x39/0x50
[27961.615100]   SyS_writev+0x4a/0xe0
[27961.615103]   system_call_fastpath+0x16/0x6e

The solution is to delete the assertion. This could potentially
occur in uiomove as well, which contains analogous assertions
that appear similarly unnecessary, so we remove those as well.

Reported-by: Jonathan Vasquez <jvasquez1011@gmail.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <ryao@gentoo.org>
Issue #3792
 		2015-09-29 15:27:14 -07:00
..
avl Support parallel build trees (VPATH builds) 2015-07-17 13:42:51 -07:00
nvpair Support parallel build trees (VPATH builds) 2015-07-17 13:42:51 -07:00
unicode Support parallel build trees (VPATH builds) 2015-07-17 13:42:51 -07:00
zcommon Userspace can pass zero length segments via writev/readv 2015-09-29 15:27:14 -07:00
zfs Revert "dmu_objset_userquota_get_ids uses dn_bonus unsafely" 2015-09-29 15:27:14 -07:00
zpios Linux 4.2 compat: misc_deregister() 2015-09-01 09:33:18 -07:00
.gitignore gitignore: anchor entries at their respective directory 2013-04-02 10:50:17 -07:00
Makefile.in Support parallel build trees (VPATH builds) 2015-07-17 13:42:51 -07:00