zfs_netbsd_{create,mknod,link,etc..} that call functions called
zfs_{create,mknod,link,etc..}. These later functions may return a
error code along with a *vpp that is NULL. This situation was not
handled by the zfs_netbsd_* functions and would result in a panic in a
number of cases. The simplest to trigger it was filling up a dataset
or pool resulting in a over quota condition. An attempt to create
another file, or directory at that point would panic.
The condition would be rechecked later again after subtracting start time
and most invalid inputs rejected. In corner cases the current code can
accept certain invalid inputs that will pass checks later and behave like
valid ones (due to signed integer overflow).
Reported-by: syzbot+3a4a07b62558bbbd3baa@syzkaller.appspotmail.com
- code that will be unreachable on platforms with
sizeof(double) != sizeof(unsigned long) triggered an valid out
of bounds warning. avoid the error by using sizeof ul.
- also assert that the sizes are the same if entering here.
both from kamil@.
- file has looks bogus maybe-uninitialized
- llvm triggers an attribute violation:
ScheduleDAGInstrs.cpp:1430:14: error: declaration of
'llvm::raw_ostream& llvm::operator<<(llvm::raw_ostream&, const llvm::ILPValue&)'
with attribute 'noinline' follows inline declaration [-Werror=attributes]
- ntp and pkg_install have obvious restrict violations, should be
fixed but i'm avoiding patching upstream code in this pass
- tftp has an array bounds that doesn't seem real issue
- sysinst's partman.c has major problem with passing the same
string as source and dest in snprintf, as a way to strcat
with formatting which trip restrict violations. non trivial
to fix so for now the warning is elided.
- Xext's XEVI.c has similar issue as partman.c
everyone and GCC 8 gets these warnings turned off for now:
-Wno-format-truncation
-Wno-stringop-overflow
-Wno-stringop-truncation
-Wno-cast-function-type
as they trip a large amount of code. most of them should be
investigated, but the few i looked at were not finding actually
real bugs, vs instances of poor coding, so skipping for now.
avoid passing the same pointer in multiple arguments for restrict
marked arguments:
- sigaction() wants separate in/out
- use memmove() not memcpy() for overlapping regions (this may fix
a real bug in nvi -- but it seems unlikely)
- select() wants separate read/write/except
- sigprocmask() wants separate set/oset
our implementation was fine, but the restrict marker is problematic
as gcc 8 is now more strict about checking for restrict issues.
this is the only actual consumer of swab(3) in our tree, though,
besides the test for it. oh well.
- netbsd/arm64 uses 64 byte malloc alignment
- make lsan compile on sparc*, mips*, ppc and arm64 again
- add missing sparc, alpha and i386 abi compat for struct __sanitizer_addrinfo
- avoid linux includes on arm64
- avoid multiply defined __ubsan_handle_cfi_bad_type when UBSAN_CAN_USE_CXXABI
isn't defined, and, undefine it
- bad_array_length.cc and bad_array_new.cc lose special build rules
- regen arm64 mknative
the map, and check the buffer on each bus_dmamap_sync. This allows us to
find DMA buffer overflows and UAFs, which couldn't be found before because
the device accesses to memory are outside of KASAN's control.
Once a thread was stopped with ptrace(2), userland process must not
be able to unstop it deliberately or by an accident.
This was a Windows-style behavior that makes threading tracing fragile.
