Skip to content

Commit

Permalink
Fix memory corruption during parallel zpool import with -o cachefile (o…
Browse files Browse the repository at this point in the history
…penzfs#16419)

When importing multiple pools, the nvlist of properties given with "-o"
is shared amongst the several threads.  So no thread should modify it.
Previously, in the course of validating the cachefile property, the
zpool_valid_proplist function would temporarily modify the value, and
then change it back.  Now it will operate on a clone of the value.

Sponsored by:   Axcient
Fixes openzfs#16405
Signed-off-by: Alan Somers <[email protected]>
Reviewed-by: Tony Hutter <[email protected]>
Reviewed-by: Allan Jude <[email protected]>
Reviewed-by: George Wilson <[email protected]>
Reviewed-by: Alexander Motin <[email protected]>
  • Loading branch information
asomers authored and lundman committed Sep 4, 2024
1 parent 2327936 commit 3ec0a81
Showing 1 changed file with 16 additions and 9 deletions.
25 changes: 16 additions & 9 deletions lib/libzfs/libzfs_pool.c
Original file line number Diff line number Diff line change
Expand Up @@ -528,9 +528,10 @@ zpool_valid_proplist(libzfs_handle_t *hdl, const char *poolname,
zpool_prop_t prop;
const char *strval;
uint64_t intval;
const char *slash, *check;
const char *check;
struct stat64 statbuf;
zpool_handle_t *zhp;
char *parent, *slash;
char report[1024];

if (nvlist_alloc(&retprops, NV_UNIQUE_NAME, 0) != 0) {
Expand Down Expand Up @@ -784,30 +785,36 @@ zpool_valid_proplist(libzfs_handle_t *hdl, const char *poolname,
goto error;
}

slash = strrchr(strval, '/');
parent = strdup(strval);
if (parent == NULL) {
(void) zfs_error(hdl, EZFS_NOMEM, errbuf);
goto error;
}
slash = strrchr(parent, '/');

if (slash[1] == '\0' || strcmp(slash, "/.") == 0 ||
strcmp(slash, "/..") == 0) {
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
"'%s' is not a valid file"), strval);
"'%s' is not a valid file"), parent);
(void) zfs_error(hdl, EZFS_BADPATH, errbuf);
free(parent);
goto error;
}

*(char *)slash = '\0';
*slash = '\0';

if (strval[0] != '\0' &&
(stat64(strval, &statbuf) != 0 ||
if (parent[0] != '\0' &&
(stat64(parent, &statbuf) != 0 ||
!S_ISDIR(statbuf.st_mode))) {
*(char *)slash = '/';
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
"'%s' is not a valid directory"),
strval);
parent);
(void) zfs_error(hdl, EZFS_BADPATH, errbuf);
free(parent);
goto error;
}
free(parent);

*(char *)slash = '/';
break;

case ZPOOL_PROP_COMPATIBILITY:
Expand Down

0 comments on commit 3ec0a81

Please sign in to comment.