[Bug 273663] zfsd crashes in the presence of pools with removed TLVs

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 21 Sep 2023 22:28:10 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273663

--- Comment #15 from commit-hook@FreeBSD.org ---
A commit in branch stable/12 references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=b2dff90c0be7c92a228fdbee5f69335dcc8044fb

commit b2dff90c0be7c92a228fdbee5f69335dcc8044fb
Author:     Alan Somers <asomers@FreeBSD.org>
AuthorDate: 2023-09-12 01:20:39 +0000
Commit:     Alan Somers <asomers@FreeBSD.org>
CommitDate: 2023-09-21 22:26:29 +0000

    Fix zfsd with the device_removal pool feature.

    Previously zfsd would crash in the presence of a pool with a
    top-level-vdev that had previously been removed.  The crash happened
    because the configuration nvlist of such a TLV contains an empty
    ZPOOL_CONFIG_CHILDREN array, which led to a pop_front from an empty
    list, which has undefined behavior.

    The crash only happened in stable/14 and later, probably due to
    differences in libcxx, but the change should be MFCed anyway.

    PR:             273663
    Reported by:    Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
    Sponsored by:   Axcient
    Reviewed by:    mav
    Differential Revision: https://reviews.freebsd.org/D41818

    (cherry picked from commit 0b294a386d34f6584848ed52407687df7ae59861)

 cddl/usr.sbin/zfsd/tests/zfsd_unittest.cc | 37 +++++++++++++++++++++++++++++++
 cddl/usr.sbin/zfsd/vdev_iterator.cc       |  5 +----
 2 files changed, 38 insertions(+), 4 deletions(-)

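The failure mode described in the commit message, as an added example that is not the zfsd source: a depth-first leaf iterator over a constructed vdev tree that re-checks its work list before every `pop_front`, so an interior vdev with an empty children array ends iteration cleanly. The `Vdev` struct, `LeafIterator`, `LeafNames`, `SamplePool` and the node names are hypothetical stand-ins for the configuration nvlist and are not taken from `vdev_iterator.cc`.

```cpp
#include <iostream>
#include <list>
#include <string>
#include <vector>

// Constructed stand-in for a vdev config nvlist (not zfsd's own types).
// has_children models "ZPOOL_CONFIG_CHILDREN is present"; the array may be empty.
struct Vdev {
    std::string name;
    bool has_children;
    std::vector<Vdev> children;
};

class LeafIterator {
    std::list<const Vdev *> queue_;
public:
    explicit LeafIterator(const Vdev &root) { queue_.push_back(&root); }
    // Returns the next leaf vdev, or nullptr when the tree is exhausted.
    const Vdev *Next() {
        // Test emptiness on every pass, not only on entry: an interior vdev with
        // zero children adds nothing, and pop_front() on an empty std::list is UB.
        while (!queue_.empty()) {
            const Vdev *v = queue_.front();
            queue_.pop_front();
            if (!v->has_children) return v;
            auto pos = queue_.begin();  // children go to the head: depth first
            for (const Vdev &c : v->children)
                queue_.insert(pos, &c);
        }
        return nullptr;
    }
};

std::vector<std::string> LeafNames(const Vdev &root) {
    std::vector<std::string> out;
    LeafIterator it(root);
    while (const Vdev *v = it.Next()) out.push_back(v->name);
    return out;
}

// Constructed pool: the last top-level vdev was removed, leaving an empty array.
Vdev SamplePool() {
    return Vdev{"root", true, {
        Vdev{"mirror-0", true, {Vdev{"da0", false, {}}, Vdev{"da1", false, {}}}},
        Vdev{"removed-tlv", true, {}}}};
}

int main() { for (const std::string &n : LeafNames(SamplePool())) std::cout << n << "\n"; }
```

With an unconditional loop in place of `while (!queue_.empty())`, the pass after `removed-tlv` is expanded would call `front()` and `pop_front()` on an empty list.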