From: Alan Somers
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r345890 - projects/fuse2/sys/fs/fuse
Date: Tue, 03 Sep 2019 14:06:13 -0000
X-Original-Date: Thu, 4 Apr 2019 20:24:58 +0000 (UTC)

Author: asomers
Date: Thu Apr 4 20:24:58 2019
New Revision: 345890
URL: https://svnweb.freebsd.org/changeset/base/345890

Log:
  fusefs: fix some uninitialized memory references

  This bug was long present, but was exacerbated by r345876.

  The problem is that fiov_refresh was bzero()ing a buffer _before_ it
  reallocated that buffer. That's obviously the wrong order. I fixed the
  order in r345876, which exposed the main problem. Previously, the first 160
  bytes of the buffer were getting bzero()ed when it was first allocated in
  fiov_init. Subsequently, as that buffer got recycled between callers, the
  portion used by the _previous_ caller was getting bzero()ed by the current
  caller in fiov_refresh. The problem was never visible simply because no
  caller was trying to use more than 160 bytes.

Now the buffer gets properly bzero()ed both at initialization time and any time it gets enlarged or reallocated. Sponsored by: The FreeBSD Foundation Modified: projects/fuse2/sys/fs/fuse/fuse_ipc.c Modified: projects/fuse2/sys/fs/fuse/fuse_ipc.c ============================================================================== --- projects/fuse2/sys/fs/fuse/fuse_ipc.c Thu Apr 4 19:59:31 2019 (r345889) +++ projects/fuse2/sys/fs/fuse/fuse_ipc.c Thu Apr 4 20:24:58 2019 (r345890) @@ -182,6 +182,11 @@ fiov_adjust(struct fuse_iov *fiov, size_t size) } fiov->allocated_size = FU_AT_LEAST(size); fiov->credit = fuse_iov_credit; + /* Clear data buffer after reallocation */ + bzero(fiov->base, size); + } else if (size > fiov->len) { + /* Clear newly extended portion of data buffer */ + bzero((char*)fiov->base + fiov->len, size - fiov->len); } fiov->len = size; } @@ -198,7 +203,6 @@ void fiov_refresh(struct fuse_iov *fiov) { fiov_adjust(fiov, 0); - bzero(fiov->base, fiov->len); } static int @@ -744,6 +748,8 @@ fdisp_refresh_pid(struct fuse_dispatcher *fdip, enum f struct mount *mp, uint64_t nid, pid_t pid, struct ucred *cred) { MPASS(fdip->tick); + MPASS2(sizeof(fdip->finh) + fdip->iosize <= fdip->tick->tk_ms_fiov.len, + "Must use fdisp_make_pid to increase the size of the fiov"); fticket_reset(fdip->tick); FUSE_DIMALLOC(&fdip->tick->tk_ms_fiov, fdip->finh, @@ -766,6 +772,7 @@ fdisp_make_pid(struct fuse_dispatcher *fdip, enum fuse fdip->tick = fuse_ticket_fetch(data); } + /* FUSE_DIMALLOC will bzero the fiovs when it enlarges them */ FUSE_DIMALLOC(&fdip->tick->tk_ms_fiov, fdip->finh, fdip->indata, fdip->iosize);
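
Review bot: In the fiov_adjust hunk the two new bzero() calls treat existing data differently: after a reallocation, bzero(fiov->base, size) clears the whole buffer including the first fiov->len bytes, while the else-if branch clears only the bytes from fiov->len up to size and keeps what was already there. A caller that grows a fiov already holding data therefore gets a different result depending on whether the growth crossed the allocation threshold. Either make the two branches agree or state in a comment above fiov_adjust that contents are not preserved across growth. Note also that allocated_size becomes FU_AT_LEAST(size) but only size bytes are cleared, so the remainder of the allocation stays uninitialized until a later call raises len through the else-if branch; that dependency deserves a sentence in the comment. Style nit: (char*) should be written (char *).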
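
Review bot: With the bzero() removed from fiov_refresh, the function only sets len to 0 through fiov_adjust(fiov, 0), and the previous caller's bytes stay in the buffer until a later fiov_adjust() grows len over them. That is safe only if every path that raises fiov->len goes through fiov_adjust; code that assigns len directly would see the stale bytes. Please add a comment on fiov_refresh that states this invariant.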
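
Review bot: The new MPASS2 in fdisp_refresh_pid is compiled only into INVARIANTS kernels, so in a production kernel a caller whose sizeof(fdip->finh) + fdip->iosize exceeds tk_ms_fiov.len is not caught. If that case is unsafe rather than merely unexpected, handle it explicitly instead of asserting; otherwise add a comment saying why enlarging has to go through fdisp_make_pid, since the assertion message gives the rule but not the reason.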
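
Review bot: The comment added in fdisp_make_pid credits FUSE_DIMALLOC with the zeroing, but the bzero() calls this change adds live in fiov_adjust. Name fiov_adjust in the comment so a reader can find the code that provides the guarantee, and say "fiov" rather than "fiovs" if only tk_ms_fiov is meant here.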