Zero pad bytes when allocating a ZIL record

When allocating a record, we round up the allocation size to a multiple of 8. In this case, any padding bytes should be zeroed, otherwise the contents of uninitialized memory are written to the ZIL. This was found using KMSAN. Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Alexander Motin <[email protected]> Signed-off-by: Mark Johnston <[email protected]> Closes #12383
author: Mark Johnston <[email protected]> 2021-07-16 09:34:54 -0400
committer: Brian Behlendorf <[email protected]> 2021-07-26 11:53:47 -0700
commit: 58714c2817891e27f08b964c7212bf331cee71ac (patch)
tree: 592080a939b022e5b227519f2a458f67fa8d0141 /module/zfs/zil.c
parent: 03363b2f86a97f95127085864a8323853f78f479 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/module/zfs/zil.c b/module/zfs/zil.c
index d8d39f861..a60b0e04a 100644
--- a/module/zfs/zil.c
+++ b/module/zfs/zil.c
@@ -1785,18 +1785,19 @@ cont:
 }
 
 itx_t *
-zil_itx_create(uint64_t txtype, size_t lrsize)
+zil_itx_create(uint64_t txtype, size_t olrsize)
 {
-	size_t itxsize;
+	size_t itxsize, lrsize;
 	itx_t *itx;
 
-	lrsize = P2ROUNDUP_TYPED(lrsize, sizeof (uint64_t), size_t);
+	lrsize = P2ROUNDUP_TYPED(olrsize, sizeof (uint64_t), size_t);
 	itxsize = offsetof(itx_t, itx_lr) + lrsize;
 
 	itx = zio_data_buf_alloc(itxsize);
 	itx->itx_lr.lrc_txtype = txtype;
 	itx->itx_lr.lrc_reclen = lrsize;
 	itx->itx_lr.lrc_seq = 0;	/* defensive */
+	bzero((char *)&itx->itx_lr + olrsize, lrsize - olrsize);
 	itx->itx_sync = B_TRUE;		/* default is synchronous */
 	itx->itx_callback = NULL;
 	itx->itx_callback_data = NULL;
author	Mark Johnston <[email protected]>	2021-07-16 09:34:54 -0400
committer	Brian Behlendorf <[email protected]>	2021-07-26 11:53:47 -0700
commit	58714c2817891e27f08b964c7212bf331cee71ac (patch)
tree	592080a939b022e5b227519f2a458f67fa8d0141 /module/zfs/zil.c
parent	03363b2f86a97f95127085864a8323853f78f479 (diff)