Fix get_special_prop() build failure #9020

behlendorf · 2019-07-11T17:53:20Z

Motivation and Context

Build failure observed in #8999.

Description

The cast of the size_t returned by strlcpy() to a uint64_t by the
VERIFY3U can result in a build failure when CONFIG_FORTIFY_SOURCE
is set. This is due to the additional hardening. Since the token
will always fit in strval the VERIFY3U has been removed.

How Has This Been Tested?

Locally compiled and tested #8999 (comment)

Types of changes

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Performance enhancement (non-breaking change which improves efficiency)
Code cleanup (non-breaking change which makes code smaller or more readable)
Breaking change (fix or feature that would cause existing functionality to change)
Documentation (a change to man pages or other documentation)

Checklist:

My code follows the ZFS on Linux code style requirements.
I have updated the documentation accordingly.
I have read the contributing document.
I have added tests to cover my changes.
All new and existing tests passed.
All commit messages are properly formatted and contain Signed-off-by.

The cast of the size_t returned by strlcpy() to a uint64_t by the VERIFY3U can result in a build failure when CONFIG_FORTIFY_SOURCE is set. This is due to the additional hardening. Since the token will always fit in strval the VERIFY3U has been removed. Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Issue openzfs#8999

codecov · 2019-07-12T02:40:56Z

Codecov Report

Merging #9020 into master will decrease coverage by 0.09%.
The diff coverage is 100%.

@@            Coverage Diff            @@
##           master    #9020     +/-   ##
=========================================
- Coverage   78.66%   78.56%   -0.1%     
=========================================
  Files         401      401             
  Lines      120146   120146             
=========================================
- Hits        94514    94396    -118     
- Misses      25632    25750    +118

Flag	Coverage Δ
#kernel	`79.45% <100%> (+0.02%)`	⬆️
#user	`66.34% <0%> (-0.26%)`	⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d230a65...b32ad91. Read the comment docs.

tonyhutter · 2019-07-15T23:36:06Z

Since the token will always fit in strval the VERIFY3U has been removed.

I looked at get_receive_resume_stats_impl() to see what token's size could be, but it wasn't clear. How do you know it will always fit in strval?

behlendorf · 2019-07-16T00:13:54Z

Technically you're right, we don't have a known hard maximum bound. The token is constructed from a compressed-packed nvlist that is generated, and we happen to know that the nvlist will be relatively small (since we constructed the nvlist). In practice the tokenized ascii version of it is around 200-300 bytes. A lot of redacted snapshots or bookmarks look like they could inflate that a little.

We've also got a lot of headroom here the buffer being allocated is 8192 byte so ~20x what we need. And if we were somehow able to generate a token that large, the worst case would be that a truncated token was returned.

That all said, you may be right there's no good reason not to check for the truncation here and return EOVERFLOW which should bubble up as a fatal lua error when getting properties. And not a truncated token.

The cast of the size_t returned by strlcpy() to a uint64_t by the VERIFY3U can result in a build failure when CONFIG_FORTIFY_SOURCE is set. This is due to the additional hardening. Since the token is expected to always fit in strval the VERIFY3U has been removed. If somehow it doesn't, it will still be safely truncated. Reviewed-by: Tony Hutter <hutter2@llnl.gov> Reviewed-by: Don Brady <don.brady@delphix.com> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Issue openzfs#8999 Closes openzfs#9020

The cast of the size_t returned by strlcpy() to a uint64_t by the VERIFY3U can result in a build failure when CONFIG_FORTIFY_SOURCE is set. This is due to the additional hardening. Since the token is expected to always fit in strval the VERIFY3U has been removed. If somehow it doesn't, it will still be safely truncated. Reviewed-by: Tony Hutter <hutter2@llnl.gov> Reviewed-by: Don Brady <don.brady@delphix.com> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Issue #8999 Closes #9020

behlendorf added the Status: Code Review Needed Ready for review and testing label Jul 11, 2019

behlendorf requested a review from don-brady July 11, 2019 17:53

behlendorf requested review from tonyhutter and ofaaland July 15, 2019 23:07

tonyhutter approved these changes Jul 16, 2019

View reviewed changes

don-brady approved these changes Jul 16, 2019

View reviewed changes

behlendorf added Status: Accepted Ready to integrate (reviewed, tested) and removed Status: Code Review Needed Ready for review and testing labels Jul 16, 2019

behlendorf merged commit 3b03ff2 into openzfs:master Jul 16, 2019

behlendorf deleted the fix-zcp_get branch April 19, 2021 19:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix get_special_prop() build failure #9020

Fix get_special_prop() build failure #9020

behlendorf commented Jul 11, 2019

codecov bot commented Jul 12, 2019 •

edited

Loading

tonyhutter commented Jul 15, 2019

behlendorf commented Jul 16, 2019

Fix get_special_prop() build failure #9020

Fix get_special_prop() build failure #9020

Conversation

behlendorf commented Jul 11, 2019

Motivation and Context

Description

How Has This Been Tested?

Types of changes

Checklist:

codecov bot commented Jul 12, 2019 • edited Loading

Codecov Report

tonyhutter commented Jul 15, 2019

behlendorf commented Jul 16, 2019

codecov bot commented Jul 12, 2019 •

edited

Loading