-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set ZFS_MAXPROPLEN and ZPOOL_MAXPROPLEN to ZAP_MAXVALUELEN #16248
Conversation
And you are legalizing it with this change if the property set on newer ZFS version is read on older. Though considering already existing discrepancy between FreeBSD and Linux I tend to agree that this is a step forward, just a bit doubtful. On a quick look I haven't found buffer overflows there, but it seems that both zfs_prop_get() and zpool_prop_get() are truncating the string instead of reporting error, that may cause unpredictable behavior. |
"In theory", we should probably, going forward, mark a feature flag active the first time someone writes one over 1024. We can't do anything about older systems, but we can ensure older systems know there are dragons if they read things after we noticed this oversight... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Certainly a step in the right direction. Technically we probably should have a feature flag for this, but in this case I think we can manage without one and avoid that additional complexity.
@0mp would you mind just rebasing this PR and it'll be good to go.
Sure! |
Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Signed-off-by: Mateusz Piotrowski <0mp@FreeBSD.org>
Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Signed-off-by: Mateusz Piotrowski <0mp@FreeBSD.org>
The documentation mentioned that the property name can be 256 characters long. This was incorrect. The last byte is reserved for NUL, so the name provided by the operator can be only 255 characters long. Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Signed-off-by: Mateusz Piotrowski <0mp@FreeBSD.org>
So far, the values of ZFS_MAXPROPLEN and ZPOOL_MAXPROPLEN were equal to MAXPATHLEN, which is 1024 on FreeBSD and 4096 on Linux. This wasn't ideal. Some of the surprising outcomes of this implementation are: 1. When creating a pool user property with zpool-set(8), libzfs makes sure that the length of the property's value is less than ZFS_MAXPROPLEN. However, the ZFS kernel module does not do that. Instead, it checks the length against ZAP_MAXVALUELEN. As a result, it is possible to create a property the length of which is going to be larger than zpool(8) is ready to read. 2. A pool user property created on Linux is too big to be read on FreeBSD. This change sets both ZFS_MAXPROPLEN and ZPOOL_MAXPROPLEN to ZAP_MAXVALUELEN, which is 8192 at the moment. Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Signed-off-by: Mateusz Piotrowski <0mp@FreeBSD.org>
Reviewed-by: Tony Hutter <hutter2@llnl.gov> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alexander Motin <mav@FreeBSD.org> Reviewed-by: Tino Reichardt <milky-zfs@mcmilk.de> Reviewed-by: Allan Jude <allan@klarasystems.com> Signed-off-by: Mateusz Piotrowski <0mp@FreeBSD.org> Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Closes #16248
The documentation mentioned that the property name can be 256 characters long. This was incorrect. The last byte is reserved for NUL, so the name provided by the operator can be only 255 characters long. Reviewed-by: Tony Hutter <hutter2@llnl.gov> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alexander Motin <mav@FreeBSD.org> Reviewed-by: Tino Reichardt <milky-zfs@mcmilk.de> Reviewed-by: Allan Jude <allan@klarasystems.com> Signed-off-by: Mateusz Piotrowski <0mp@FreeBSD.org> Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Closes #16248
So far, the values of ZFS_MAXPROPLEN and ZPOOL_MAXPROPLEN were equal to MAXPATHLEN, which is 1024 on FreeBSD and 4096 on Linux. This wasn't ideal. Some of the surprising outcomes of this implementation are: 1. When creating a pool user property with zpool-set(8), libzfs makes sure that the length of the property's value is less than ZFS_MAXPROPLEN. However, the ZFS kernel module does not do that. Instead, it checks the length against ZAP_MAXVALUELEN. As a result, it is possible to create a property the length of which is going to be larger than zpool(8) is ready to read. 2. A pool user property created on Linux is too big to be read on FreeBSD. This change sets both ZFS_MAXPROPLEN and ZPOOL_MAXPROPLEN to ZAP_MAXVALUELEN, which is 8192 at the moment. Reviewed-by: Tony Hutter <hutter2@llnl.gov> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alexander Motin <mav@FreeBSD.org> Reviewed-by: Tino Reichardt <milky-zfs@mcmilk.de> Reviewed-by: Allan Jude <allan@klarasystems.com> Signed-off-by: Mateusz Piotrowski <0mp@FreeBSD.org> Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Closes #16248
Reviewed-by: Tony Hutter <hutter2@llnl.gov> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alexander Motin <mav@FreeBSD.org> Reviewed-by: Tino Reichardt <milky-zfs@mcmilk.de> Reviewed-by: Allan Jude <allan@klarasystems.com> Signed-off-by: Mateusz Piotrowski <0mp@FreeBSD.org> Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Closes openzfs#16248
Reviewed-by: Tony Hutter <hutter2@llnl.gov> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alexander Motin <mav@FreeBSD.org> Reviewed-by: Tino Reichardt <milky-zfs@mcmilk.de> Reviewed-by: Allan Jude <allan@klarasystems.com> Signed-off-by: Mateusz Piotrowski <0mp@FreeBSD.org> Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Closes openzfs#16248
The documentation mentioned that the property name can be 256 characters long. This was incorrect. The last byte is reserved for NUL, so the name provided by the operator can be only 255 characters long. Reviewed-by: Tony Hutter <hutter2@llnl.gov> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alexander Motin <mav@FreeBSD.org> Reviewed-by: Tino Reichardt <milky-zfs@mcmilk.de> Reviewed-by: Allan Jude <allan@klarasystems.com> Signed-off-by: Mateusz Piotrowski <0mp@FreeBSD.org> Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Closes openzfs#16248
So far, the values of ZFS_MAXPROPLEN and ZPOOL_MAXPROPLEN were equal to MAXPATHLEN, which is 1024 on FreeBSD and 4096 on Linux. This wasn't ideal. Some of the surprising outcomes of this implementation are: 1. When creating a pool user property with zpool-set(8), libzfs makes sure that the length of the property's value is less than ZFS_MAXPROPLEN. However, the ZFS kernel module does not do that. Instead, it checks the length against ZAP_MAXVALUELEN. As a result, it is possible to create a property the length of which is going to be larger than zpool(8) is ready to read. 2. A pool user property created on Linux is too big to be read on FreeBSD. This change sets both ZFS_MAXPROPLEN and ZPOOL_MAXPROPLEN to ZAP_MAXVALUELEN, which is 8192 at the moment. Reviewed-by: Tony Hutter <hutter2@llnl.gov> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alexander Motin <mav@FreeBSD.org> Reviewed-by: Tino Reichardt <milky-zfs@mcmilk.de> Reviewed-by: Allan Jude <allan@klarasystems.com> Signed-off-by: Mateusz Piotrowski <0mp@FreeBSD.org> Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Closes openzfs#16248
Reviewed-by: Tony Hutter <hutter2@llnl.gov> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alexander Motin <mav@FreeBSD.org> Reviewed-by: Tino Reichardt <milky-zfs@mcmilk.de> Reviewed-by: Allan Jude <allan@klarasystems.com> Signed-off-by: Mateusz Piotrowski <0mp@FreeBSD.org> Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Closes openzfs#16248
Reviewed-by: Tony Hutter <hutter2@llnl.gov> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alexander Motin <mav@FreeBSD.org> Reviewed-by: Tino Reichardt <milky-zfs@mcmilk.de> Reviewed-by: Allan Jude <allan@klarasystems.com> Signed-off-by: Mateusz Piotrowski <0mp@FreeBSD.org> Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Closes openzfs#16248
Motivation and Context
So far, the values of
ZFS_MAXPROPLEN
andZPOOL_MAXPROPLEN
were equal toMAXPATHLEN
, which is:1024
on FreeBSD and4096
on Linux.This wasn't ideal. Some of the surprising outcomes of this implementation are:
sure that the length of the property's value is less than
ZFS_MAXPROPLEN
. However, the ZFS kernel module does not do that.Instead, it checks the length against
ZAP_MAXVALUELEN
. As a result,it is possible to create a property the length of which is going to
be larger than zpool(8) is ready to read.
FreeBSD.
Description
This change sets both
ZFS_MAXPROPLEN
andZPOOL_MAXPROPLEN
toZAP_MAXVALUELEN
, which is8192
at the moment.This PR also fixes some documentation issues in zpoolprops.7 and cleans up user_property tests.
Sponsored-by: Klara, Inc.
Sponsored-by: Wasabi Technology, Inc.
How Has This Been Tested?
I've run tests of the following tags:
zpool_set
,zfs_set
, andzfs_clone
.Types of changes
Checklist:
Signed-off-by
.