diff options
| author | Mark Johnston <markj@FreeBSD.org> | 2021-07-16 09:34:54 -0400 |
|---|---|---|
| committer | Brian Behlendorf <behlendorf1@llnl.gov> | 2021-08-31 10:30:21 -0700 |
| commit | 951aef3cd51c7f59034288d9cb242fe43a1e476f (patch) | |
| tree | fc94e2ec9581d045a5b608efaa09e1fee5d07581 | |
| parent | 992569cab998e379ee574f89167936351d234c7b (diff) | |
Zero pad bytes when allocating a ZIL record
When allocating a record, we round up the allocation size to a multiple
of 8. In this case, any padding bytes should be zeroed, otherwise the
contents of uninitialized memory are written to the ZIL.
This was found using KMSAN.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Mark Johnston <markj@FreeBSD.org>
Closes #12383
| -rw-r--r-- | module/zfs/zil.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/module/zfs/zil.c b/module/zfs/zil.c index 8b1222e14..e535cae69 100644 --- a/module/zfs/zil.c +++ b/module/zfs/zil.c @@ -1783,18 +1783,19 @@ cont: } itx_t * -zil_itx_create(uint64_t txtype, size_t lrsize) +zil_itx_create(uint64_t txtype, size_t olrsize) { - size_t itxsize; + size_t itxsize, lrsize; itx_t *itx; - lrsize = P2ROUNDUP_TYPED(lrsize, sizeof (uint64_t), size_t); + lrsize = P2ROUNDUP_TYPED(olrsize, sizeof (uint64_t), size_t); itxsize = offsetof(itx_t, itx_lr) + lrsize; itx = zio_data_buf_alloc(itxsize); itx->itx_lr.lrc_txtype = txtype; itx->itx_lr.lrc_reclen = lrsize; itx->itx_lr.lrc_seq = 0; /* defensive */ + bzero((char *)&itx->itx_lr + olrsize, lrsize - olrsize); itx->itx_sync = B_TRUE; /* default is synchronous */ itx->itx_callback = NULL; itx->itx_callback_data = NULL; |