Date: Tue, 11 Oct 2016 16:46:16 +0000 (UTC) From: Alexander Motin <mav@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r307052 - stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs Message-ID: <201610111646.u9BGkG4Y022271@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mav Date: Tue Oct 11 16:46:16 2016 New Revision: 307052 URL: https://svnweb.freebsd.org/changeset/base/307052 Log: MFC r305193: MFV r302642: 6876 Stack corruption after importing a pool with a too-long name illumos/illumos-gate@c971037baa5d64dfecf6d87ed602fc3116ebec41 https://github.com/illumos/illumos-gate/commit/c971037baa5d64dfecf6d87ed602fc3116ebec41 https://www.illumos.org/issues/6876 Calling dsl_dataset_name on a dataset with a 256 byte buffer is asking for trouble. We should check every dataset on import, using a 1024 byte buffer and checking each time to see if the dataset's new name is longer than 256 bytes. Reviewed by: Prakash Surya <prakash.surya@delphix.com> Reviewed by: Dan Kimmel <dan.kimmel@delphix.com> Reviewed by: George Wilson <george.wilson@delphix.com> Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com> Approved by: Richard Lowe <richlowe@richlowe.net> Author: Paul Dagnelie <pcd@delphix.com> Modified: stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c ============================================================================== --- stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c Tue Oct 11 16:38:39 2016 (r307051) +++ stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c Tue Oct 11 16:46:16 2016 (r307052) @@ -1975,6 +1975,19 @@ spa_load_verify_cb(spa_t *spa, zilog_t * return (0); } +/* ARGSUSED */ +int +verify_dataset_name_len(dsl_pool_t *dp, dsl_dataset_t *ds, void *arg) +{ + char namebuf[MAXPATHLEN]; + dsl_dataset_name(ds, namebuf); + if (strlen(namebuf) > MAXNAMELEN) { + return (SET_ERROR(ENAMETOOLONG)); + } + + return (0); +} + static int spa_load_verify(spa_t *spa) { @@ -1989,6 +2002,14 @@ spa_load_verify(spa_t *spa) if (policy.zrp_request & ZPOOL_NEVER_REWIND) return (0); + dsl_pool_config_enter(spa->spa_dsl_pool, FTAG); + error = dmu_objset_find_dp(spa->spa_dsl_pool, + spa->spa_dsl_pool->dp_root_dir_obj, verify_dataset_name_len, NULL, + DS_FIND_CHILDREN); + dsl_pool_config_exit(spa->spa_dsl_pool, FTAG); + if (error != 0) + return (error); + rio = zio_root(spa, NULL, &sle, ZIO_FLAG_CANFAIL | ZIO_FLAG_SPECULATIVE);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201610111646.u9BGkG4Y022271>