FreeBSD src

Go to file

Richard Yao 1f3bc5ea80 Illumos #15286 : do_composition() needs sign awareness Authored by: Dan McDonald <danmcd@mnx.io> Reviewed by: Patrick Mooney <pmooney@pfmooney.com> Reviewed by: Richard Lowe <richlowe@richlowe.net> Approved by: Joshua M. Clulow <josh@sysmgr.org> Ported-by: Richard Yao <richard.yao@alumni.stonybrook.edu> Illumos-issue: https://www.illumos.org/issues/15286 Illumos-commit: `f137b22e73` Porting Notes: The patch in illumos did not have much of a commit message, and did not provide attribution to the reporter, while original patch proposed to OpenZFS did, so I am listing the reporter (myself) and original patch author (also myself) below while including the original commit message with some minor corrections as part of the porting notes: In do_composition(), we have: size = u8_number_of_bytes[p]; if (size <= 1 \|\| (p + size) > oslast) break; There, we have type promotion from int8_t to size_t, which is unsigned. C will sign extend the value as part of the widening before treating the value as unsigned and the negative values we can counter are error values from U8_ILLEGAL_CHAR and U8_OUT_OF_RANGE_CHAR, which are -1 and -2 respectively. The unsigned versions of these under two's complement are SIZE_MAX and SIZE_MAX-1 respectively. The bounds check is written under the assumption that `size <= 1` does a signed comparison. This is followed by a pointer comparison to see if the string has the correct length, which is fine. A little further down we have: for (i = 0; i < size; i++) tc[i] = p++; When an error condition is encountered, this will attempt to iterate at least SIZE_MAX-1 times, which will massively overflow the buffer, which is not fine. The kernel will kill the loop as soon as it hits the kernel stack guard on Linux systems built with CONFIG_VMAP_STACK=y, which should be just about all of them. That prevents arbitrary code execution and just about any other bad thing that a black hat attacker might attempt with knowledge of this buffer overflow. Other systems' kernels have mitigations for unbounded in-kernel buffer overflows that will catch this too. Also, the patch in illumos-gate made an effort to fix C style issues that had been fixed in the OpenZFS/ZFSOnLinux repository. Those issues had been mentioned in the email that I originally sent them about this issue. One of the fixes had not been already done, so it is included. Another to collect_a_seq()'s arguments was handled differently in OpenZFS. For the sake of avoiding unnecessary differences, it has been adopted. This has the interesting effect that if you correct the paths in the illumos-gate patch to match the current OpenZFS repository, you can reverse apply it cleanly. Original-patch-by: Richard Yao <richard.yao@alumni.stonybrook.edu> Reported-by: Richard Yao <richard.yao@alumni.stonybrook.edu> Co-authored-by: Dan McDonald <danmcd@mnx.io> Closes #14318 Closes #14342		2023-01-05 11:16:21 -08:00
.github	Add native-deb* targets to build native Debian packages	2022-12-13 17:33:05 -08:00
cmd	Update arc_summary and arcstat outputs	2023-01-05 09:29:13 -08:00
config	removal of LegacyVersion broke ax_python_dev.m4	2023-01-05 11:04:24 -08:00
contrib	Documentation corrections	2022-12-22 11:34:28 -08:00
etc	systemd: set restart=always for zfs-zed.service	2022-12-19 16:08:15 -08:00
include	Pack zrlock_t by 8 bytes	2023-01-05 09:31:55 -08:00
lib	deadlock between spa_errlog_lock and dp_config_rwlock	2022-12-22 11:48:49 -08:00
man	Update arc_summary and arcstat outputs	2023-01-05 09:29:13 -08:00
module	Illumos #15286 : do_composition() needs sign awareness	2023-01-05 11:16:21 -08:00
rpm	rpm: add support for openEuler	2022-11-29 09:27:22 -08:00
scripts	Add native-deb* targets to build native Debian packages	2022-12-13 17:33:05 -08:00
tests	arc_read()/arc_access() refactoring and cleanup	2022-12-22 12:10:24 -08:00
udev	Replace dead opensolaris.org license link	2022-07-11 14:16:13 -07:00
.editorconfig
.gitignore
.gitmodules
AUTHORS	zfs_rename: support RENAME_* flags	2022-10-28 09:49:20 -07:00
autogen.sh	Ubuntu 22.04 integration: ShellCheck	2022-11-18 11:24:48 -08:00
CODE_OF_CONDUCT.md	Documentation corrections	2022-12-22 11:34:28 -08:00
configure.ac	Add native-deb* targets to build native Debian packages	2022-12-13 17:33:05 -08:00
copy-builtin
COPYRIGHT
LICENSE
Makefile.am	Process `script` directory for all configs	2022-10-27 16:45:14 -07:00
META	Linux 6.0 compat: META	2022-10-26 14:55:12 -07:00
NEWS
NOTICE
README.md
RELEASES.md
TEST
zfs.release.in

README.md

OpenZFS is an advanced file system and volume manager which was originally developed for Solaris and is now maintained by the OpenZFS community. This repository contains the code for running OpenZFS on Linux and FreeBSD.

Official Resources

Documentation - for using and developing this repo
ZoL Site - Linux release info & links
Mailing lists
OpenZFS site - for conference videos and info on other platforms (illumos, OSX, Windows, etc)

Installation

Full documentation for installing OpenZFS on your favorite operating system can be found at the Getting Started Page.

Contribute & Develop

We have a separate document with contribution guidelines.

We have a Code of Conduct.

Release

OpenZFS is released under a CDDL license. For more details see the NOTICE, LICENSE and COPYRIGHT files; UCRL-CODE-235197

Supported Kernels

The META file contains the officially recognized supported Linux kernel versions.
Supported FreeBSD versions are any supported branches and releases starting from 12.2-RELEASE.