Author: mav Date: Tue Oct 11 16:46:16 2016 New Revision: 307052 URL: https://svnweb.freebsd.org/changeset/base/307052
Log: MFC r305193: MFV r302642: 6876 Stack corruption after importing a pool with a too-long name illumos/illumos-gate@c971037baa5d64dfecf6d87ed602fc3116ebec41 https://github.com/illumos/illumos-gate/commit/c971037baa5d64dfecf6d87ed602fc3116ebec41 https://www.illumos.org/issues/6876 Calling dsl_dataset_name on a dataset with a 256 byte buffer is asking for trouble. We should check every dataset on import, using a 1024 byte buffer and checking each time to see if the dataset's new name is longer than 256 bytes. Reviewed by: Prakash Surya <prakash.su...@delphix.com> Reviewed by: Dan Kimmel <dan.kim...@delphix.com> Reviewed by: George Wilson <george.wil...@delphix.com> Reviewed by: Yuri Pankov <yuri.pan...@nexenta.com> Approved by: Richard Lowe <richl...@richlowe.net> Author: Paul Dagnelie <p...@delphix.com> Modified: stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c ============================================================================== --- stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c Tue Oct 11 16:38:39 2016 (r307051) +++ stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/spa.c Tue Oct 11 16:46:16 2016 (r307052) @@ -1975,6 +1975,19 @@ spa_load_verify_cb(spa_t *spa, zilog_t * return (0); } +/* ARGSUSED */ +int +verify_dataset_name_len(dsl_pool_t *dp, dsl_dataset_t *ds, void *arg) +{ + char namebuf[MAXPATHLEN]; + dsl_dataset_name(ds, namebuf); + if (strlen(namebuf) > MAXNAMELEN) { + return (SET_ERROR(ENAMETOOLONG)); + } + + return (0); +} + static int spa_load_verify(spa_t *spa) { @@ -1989,6 +2002,14 @@ spa_load_verify(spa_t *spa) if (policy.zrp_request & ZPOOL_NEVER_REWIND) return (0); + dsl_pool_config_enter(spa->spa_dsl_pool, FTAG); + error = dmu_objset_find_dp(spa->spa_dsl_pool, + spa->spa_dsl_pool->dp_root_dir_obj, verify_dataset_name_len, NULL, + DS_FIND_CHILDREN); + dsl_pool_config_exit(spa->spa_dsl_pool, FTAG); + if (error != 0) + return (error); + rio = zio_root(spa, NULL, &sle, ZIO_FLAG_CANFAIL | ZIO_FLAG_SPECULATIVE); _______________________________________________ svn-src-stable-10@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10 To unsubscribe, send any mail to "svn-src-stable-10-unsubscr...@freebsd.org"
