Pawel Jakub Dawidek
2010-Apr-03 18:06 UTC
[zfs-code] Possible use of uninitialized statbuf.
Hi.
I was looking at the code and it seems statbuf can be used without being
initialized in zpool_vdev.c:make_leaf_vdev().
We stat the given path only if it is not entire disk:

	if (arg[0] == '/') {
		/*
		 * Complete device or file path.  Exact type is determined by
		 * examining the file descriptor afterwards.
		 */
		wholedisk = is_whole_disk(arg);
		if (!wholedisk && (stat64(arg, &statbuf) != 0)) {
	[...]
	} else {
		/*
		 * This may be a short path for a device, or it could be total
		 * gibberish.  Check to see if it's a known device in
		 * /dev/dsk/.  As part of this check, see if we've been given a
		 * an entire disk (minus the slice number).
		 */
		(void) snprintf(path, sizeof (path), "%s/%s", DISK_ROOT,
		    arg);
		wholedisk = is_whole_disk(path);
		if (!wholedisk && (stat64(path, &statbuf) != 0)) {
	[...]

Although later on we use statbuf in the following check:

	/*
	 * For a whole disk, defer getting its devid until after
	 * labeling it.
	 */
	if (S_ISBLK(statbuf.st_mode) && !wholedisk) {
	[...]

I think the best fix is to always stat the given file/device.
You can find the patch here:
http://people.freebsd.org/~pjd/patches/zpool_vdev.c.patch
--
Pawel Jakub Dawidek http://www.wheelsystems.com
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!

On 04/ 3/10 12:06 PM, Pawel Jakub Dawidek wrote:
> Hi.
>
> I was looking at the code and it seems statbuf can be used without being
> initialized in zpool_vdev.c:make_leaf_vdev().
>

Thanks, I've opened the following bug to track this issue

6941196 possible use of unitialized statbuf

> We stat the given path only if it is not entire disk:
>
> 	if (arg[0] == '/') {
> 		/*
> 		 * Complete device or file path.  Exact type is determined by
> 		 * examining the file descriptor afterwards.
> 		 */
> 		wholedisk = is_whole_disk(arg);
> 		if (!wholedisk && (stat64(arg, &statbuf) != 0)) {
> 	[...]
> 	} else {
> 		/*
> 		 * This may be a short path for a device, or it could be total
> 		 * gibberish.  Check to see if it's a known device in
> 		 * /dev/dsk/.  As part of this check, see if we've been given a
> 		 * an entire disk (minus the slice number).
> 		 */
> 		(void) snprintf(path, sizeof (path), "%s/%s", DISK_ROOT,
> 		    arg);
> 		wholedisk = is_whole_disk(path);
> 		if (!wholedisk && (stat64(path, &statbuf) != 0)) {
> 	[...]
>
> Although later on we use statbuf in the following check:
>
> 	/*
> 	 * For a whole disk, defer getting its devid until after
> 	 * labeling it.
> 	 */
> 	if (S_ISBLK(statbuf.st_mode) && !wholedisk) {
> 	[...]
>
> I think the best fix is to always stat the given file/device.
> You can find the patch here:
>
> http://people.freebsd.org/~pjd/patches/zpool_vdev.c.patch
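
The short-circuit pattern discussed in this thread, as an added example that is not part of either message, the linked patch, or the ZFS source. It pre-fills statbuf with a constructed poison byte so the "never written" case can be observed without undefined behaviour. Assumptions: the function names, POISON, the `wholedisk` parameter standing in for the result of is_whole_disk(), stat() used in place of stat64() for portability, and "/" as the sample path.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define POISON 0xA5 /* constructed fill byte standing in for stale stack data */

/* Returns 1 if every byte of *st is still POISON, i.e. stat() never wrote it. */
static int still_poisoned(const struct stat *st)
{
    const unsigned char *p = (const unsigned char *)st;
    for (size_t i = 0; i < sizeof (*st); i++)
        if (p[i] != POISON)
            return 0;
    return 1;
}

/*
 * Pattern from the report: when wholedisk is set, && short-circuits and
 * stat() is skipped. Returns 1 if a later S_ISBLK(statbuf.st_mode) would
 * read a statbuf that was never filled in, 0 if not, -1 if stat() failed.
 */
int reported_reads_stale(const char *path, int wholedisk)
{
    struct stat statbuf;
    memset(&statbuf, POISON, sizeof (statbuf));
    if (!wholedisk && stat(path, &statbuf) != 0)
        return -1;
    return still_poisoned(&statbuf);
}

/* Fix proposed in the thread: always stat the given file/device. */
int fixed_reads_stale(const char *path, int wholedisk)
{
    struct stat statbuf;
    (void) wholedisk; /* no longer gates the stat() call */
    memset(&statbuf, POISON, sizeof (statbuf));
    if (stat(path, &statbuf) != 0)
        return -1;
    return still_poisoned(&statbuf);
}

int main(void)
{
    printf("reported, wholedisk=1: stale=%d\n", reported_reads_stale("/", 1));
    printf("reported, wholedisk=0: stale=%d\n", reported_reads_stale("/", 0));
    printf("fixed,    wholedisk=1: stale=%d\n", fixed_reads_stale("/", 1));
    return 0;
}
```

In the quoted check the `&& !wholedisk` term makes the condition false whenever the stat was skipped, but `S_ISBLK(statbuf.st_mode)` is evaluated first, so the uninitialized read still happens and is what compilers and memory checkers report.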