
ufs: Avoid subobject overflow in snapshot expunge code

Description

ufs: Avoid subobject overflow in snapshot expunge code

The code here tries to be smart and zeroes out both di_db and di_ib with
a single bzero call, thereby overrunning the di_db subobject. This is
fine on most architectures, if a little dodgy. However, on CHERI, the
compiler can optionally restrict the bounds on pointers to subobjects to
just that subobject, in order to mitigate intra-object buffer overflows,
and this is enabled in CheriBSD's pure-capability kernels.

Instead, use separate bzero calls for each array, and let the compiler
optimise it as it sees fit; even if it's not generating inline zeroing
code, Clang will happily optimise two consecutive bzeros to a single
larger call.

Reviewed by: mckusick
Differential Revision: https://reviews.freebsd.org/D33651
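As an added illustration (not code from the FreeBSD commit, from ffs_snapshot.c or from CheriBSD), the C program below models the situation the commit message describes: a trimmed-down, hypothetical dinode carrying the two adjacent block-pointer arrays of struct ufs2_dinode (UFS_NDADDR and UFS_NIADDR take their FreeBSD values of 12 and 3), and a small software stand-in for the compiler-narrowed subobject bounds that a CheriBSD pure-capability kernel enforces in hardware. Here bounded_bzero returns false instead of trapping when a length exceeds the subobject the pointer was derived from. The names struct bounded_ptr, SUBOBJECT_PTR, expunge_before and expunge_after are assumptions of this example, not identifiers from the kernel.

```c
/*
 * Added example, not FreeBSD or CheriBSD code: emulate CHERI subobject
 * bounds on a simplified dinode to show why one bzero spanning di_db and
 * di_ib fails while two per-array bzero calls succeed.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UFS_NDADDR 12   /* direct block pointers, value from FreeBSD's dinode.h */
#define UFS_NIADDR 3    /* indirect block pointers, value from FreeBSD's dinode.h */

typedef int64_t ufs2_daddr_t;

/* Hypothetical, trimmed-down inode: only the two adjacent arrays matter. */
struct dinode_ex {
	uint32_t     di_size;
	ufs2_daddr_t di_db[UFS_NDADDR];
	ufs2_daddr_t di_ib[UFS_NIADDR];
	uint32_t     di_flags;
};

/* The adjacency the single-bzero version silently relied on. */
_Static_assert(offsetof(struct dinode_ex, di_ib) ==
    offsetof(struct dinode_ex, di_db) + sizeof(((struct dinode_ex *)0)->di_db),
    "di_ib must directly follow di_db for a spanning bzero to be meaningful");

/*
 * Emulated capability: a pointer plus the bounds a subobject-bounds-aware
 * compiler would attach to &obj->field, namely sizeof(obj->field).
 * bounded_bzero returns false (CHERI hardware would trap) if the store
 * would leave those bounds; otherwise it zeroes the bytes.
 */
struct bounded_ptr { void *base; size_t len; };

#define SUBOBJECT_PTR(obj, field) \
	((struct bounded_ptr){ &(obj)->field, sizeof((obj)->field) })

static bool
bounded_bzero(struct bounded_ptr p, size_t n)
{
	if (n > p.len)
		return false;
	memset(p.base, 0, n);
	return true;
}

/* The pattern the commit removes: one bzero spanning both arrays. */
static bool
expunge_before(struct dinode_ex *dip)
{
	return bounded_bzero(SUBOBJECT_PTR(dip, di_db),
	    (UFS_NDADDR + UFS_NIADDR) * sizeof(ufs2_daddr_t));
}

/* The fix: one bzero per array, each inside its own subobject bounds. */
static bool
expunge_after(struct dinode_ex *dip)
{
	return bounded_bzero(SUBOBJECT_PTR(dip, di_db),
	    UFS_NDADDR * sizeof(ufs2_daddr_t)) &&
	    bounded_bzero(SUBOBJECT_PTR(dip, di_ib),
	    UFS_NIADDR * sizeof(ufs2_daddr_t));
}

/* Constructed sample inode: every block pointer holds a nonzero value. */
static void
fill_pointers(struct dinode_ex *dip)
{
	memset(dip, 0, sizeof(*dip));
	for (int i = 0; i < UFS_NDADDR; i++)
		dip->di_db[i] = 1000 + i;
	for (int i = 0; i < UFS_NIADDR; i++)
		dip->di_ib[i] = 2000 + i;
}

/* Does the emulated bounds check accept this expunge variant? */
static bool
check_passes(bool (*fn)(struct dinode_ex *))
{
	struct dinode_ex d;
	fill_pointers(&d);
	return fn(&d);
}

/* How many block pointers are still nonzero after running the variant? */
static int
leftover_pointers(bool (*fn)(struct dinode_ex *))
{
	struct dinode_ex d;
	int n = 0;
	fill_pointers(&d);
	(void)fn(&d);
	for (int i = 0; i < UFS_NDADDR; i++)
		n += d.di_db[i] != 0;
	for (int i = 0; i < UFS_NIADDR; i++)
		n += d.di_ib[i] != 0;
	return n;
}

int
main(void)
{
	printf("spanning bzero: check %s, %d pointers left\n",
	    check_passes(expunge_before) ? "passed" : "rejected",
	    leftover_pointers(expunge_before));
	printf("per-array bzero: check %s, %d pointers left\n",
	    check_passes(expunge_after) ? "passed" : "rejected",
	    leftover_pointers(expunge_after));
	return 0;
}
```

On a conventional toolchain both variants clear the same 120 bytes, which is why the spanning call was only "a little dodgy" there; under the emulated bounds, as under CheriBSD's pure-capability kernel, the 120-byte request against a 96-byte di_db subobject is rejected and nothing is cleared, while the per-array version clears all fifteen pointers.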

Details

Provenance
jrtc27, authored on Jan 2 2022, 8:55 PM
Reviewer
mckusick
Differential Revision
D33651: ufs: Avoid subobject overflow in snapshot expunge code
Parents
rG5b13fa7987c1: ufs: Rework shortlink handling to avoid subobject overflows