[Pkg-zfsonlinux-devel] Bug#989373: zfs-linux: Extra iov_iter_advance may lead to memory corruption

Antonio Russo aerusso at aerusso.net
Wed Jun 2 03:43:07 BST 2021


Source: zfs-linux
Version: 2.0.1-1
Severity: grave
Tags: upstream
Justification: causes data loss
X-Debbugs-Cc: aerusso at aerusso.net

See Brian Behlendorf's comment at [1], in the merge request for commit
3f81aba76, referencing the analysis of the bug report [2].

In summary: a kernel buffer iterator can be advanced beyond its end.
On kernels 5.12 and later, a safety mechanism has been created that
detects this error, but as of 5.10, this mechanism is not present
(AFAICT).

The aforementioned commit addresses the issue, and has also been
applied to 2.0.5-staging (as 3e0bc63e1).  As of now, no released
version of ZFS addresses this issue.

There is a suggestion that this could lead to memory corruption,
which seems plausible.  The lack of widespread data loss under ZFS
2.0 to date suggests that any corruption is relatively minor.

[1] https://github.com/openzfs/zfs/pull/12155#issuecomment-850935748
[2] https://github.com/openzfs/zfs/issues/12041