From 7118d33f2758eebf9e0d35ce36a74abbcabea1b7 Mon Sep 17 00:00:00 2001 From: Paul Dagnelie Date: Wed, 15 Jun 2016 14:51:27 -0700 Subject: [PATCH] OpenZFS 6876 - Stack corruption after importing a pool with a too-long name Reviewed by: Prakash Surya Reviewed by: Dan Kimmel Reviewed by: George Wilson Reviewed by: Yuri Pankov Ported-by: Brian Behlendorf Calling dsl_dataset_name on a dataset with a 256 byte buffer is asking for trouble. We should check every dataset on import, using a 1024 byte buffer and checking each time to see if the dataset's new name is longer than 256 bytes. OpenZFS-issue: https://www.illumos.org/issues/6876 OpenZFS-commit: https://github.com/openzfs/openzfs/commit/ca8674e --- lib/libzfs/libzfs_pool.c | 7 ++++++- module/zfs/spa.c | 18 ++++++++++++++++++ .../zpool_import_rename_001_pos.ksh | 13 ++++++++++++- 3 files changed, 36 insertions(+), 2 deletions(-) diff --git a/lib/libzfs/libzfs_pool.c b/lib/libzfs/libzfs_pool.c index 0a9780733fae..2484ddc12a58 100644 --- a/lib/libzfs/libzfs_pool.c +++ b/lib/libzfs/libzfs_pool.c @@ -1907,7 +1907,12 @@ zpool_import_props(libzfs_handle_t *hdl, nvlist_t *config, const char *newname, "one or more devices are already in use\n")); (void) zfs_error(hdl, EZFS_BADDEV, desc); break; - + case ENAMETOOLONG: + zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, + "new name of at least one dataset is longer than " + "the maximum allowable length")); + (void) zfs_error(hdl, EZFS_NAMETOOLONG, desc); + break; default: (void) zpool_standard_error(hdl, error, desc); zpool_explain_recover(hdl, diff --git a/module/zfs/spa.c b/module/zfs/spa.c index 88c4b5bb1b1e..6caeca6e5176 100644 --- a/module/zfs/spa.c +++ b/module/zfs/spa.c @@ -2001,6 +2001,16 @@ spa_load_verify_cb(spa_t *spa, zilog_t *zilog, const blkptr_t *bp, return (0); } +/* ARGSUSED */ +int +verify_dataset_name_len(dsl_pool_t *dp, dsl_dataset_t *ds, void *arg) +{ + if (dsl_dataset_namelen(ds) >= ZFS_MAX_DATASET_NAME_LEN) + return (SET_ERROR(ENAMETOOLONG)); + + return (0); +} + static int spa_load_verify(spa_t *spa) { @@ -2015,6 +2025,14 @@ spa_load_verify(spa_t *spa) if (policy.zrp_request & ZPOOL_NEVER_REWIND) return (0); + dsl_pool_config_enter(spa->spa_dsl_pool, FTAG); + error = dmu_objset_find_dp(spa->spa_dsl_pool, + spa->spa_dsl_pool->dp_root_dir_obj, verify_dataset_name_len, NULL, + DS_FIND_CHILDREN); + dsl_pool_config_exit(spa->spa_dsl_pool, FTAG); + if (error != 0) + return (error); + rio = zio_root(spa, NULL, &sle, ZIO_FLAG_CANFAIL | ZIO_FLAG_SPECULATIVE); diff --git a/tests/zfs-tests/tests/functional/cli_root/zpool_import/zpool_import_rename_001_pos.ksh b/tests/zfs-tests/tests/functional/cli_root/zpool_import/zpool_import_rename_001_pos.ksh index 60ccc0dd6006..441f7a7ae036 100755 --- a/tests/zfs-tests/tests/functional/cli_root/zpool_import/zpool_import_rename_001_pos.ksh +++ b/tests/zfs-tests/tests/functional/cli_root/zpool_import/zpool_import_rename_001_pos.ksh @@ -26,7 +26,7 @@ # # -# Copyright (c) 2012 by Delphix. All rights reserved. +# Copyright (c) 2012, 2015 by Delphix. All rights reserved. # . $STF_SUITE/include/libtest.shlib @@ -92,6 +92,8 @@ function cleanup [[ -d $ALTER_ROOT ]] && \ log_must $RM -rf $ALTER_ROOT + [[ -e $VDEV_FILE ]] && \ + log_must $RM $VDEV_FILE } log_onexit cleanup @@ -159,4 +161,13 @@ while (( i < ${#pools[*]} )); do ((i = i + 1)) done +VDEV_FILE=$(mktemp /tmp/tmp.XXXXXX) + +log_must $MKFILE -n 128M $VDEV_FILE +log_must $ZPOOL create testpool $VDEV_FILE +log_must $ZFS create testpool/testfs +ID=$($ZPOOL get -Ho value guid testpool) +log_must $ZPOOL export testpool +log_mustnot $ZPOOL import $(echo $ID) $($PRINTF "%*s\n" 250 "" | $TR ' ' 'c') + log_pass "Successfully imported and renamed a ZPOOL"