zfs_acl_node_alloc allocates an uninitialized data buffer, but upstack
zfs_acl_chmod only partially initializes it. KMSAN reported that this
memory remained uninitialized at the point when it was read by
lzjb_compress, which suggests a possible kernel memory disclosure bug.
The full KMSAN warning may be found in the PR.
https://github.com/openzfs/zfs/pull/16511
Signed-off-by: Alan Somers <asomers@gmail.com>
Sponsored by: Axcient
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
aclnode = kmem_zalloc(sizeof (zfs_acl_node_t), KM_SLEEP);
if (bytes) {
- aclnode->z_acldata = kmem_alloc(bytes, KM_SLEEP);
+ aclnode->z_acldata = kmem_zalloc(bytes, KM_SLEEP);
aclnode->z_allocdata = aclnode->z_acldata;
aclnode->z_allocsize = bytes;
aclnode->z_size = bytes;
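Review bot: the kmem_zalloc call would benefit from a one-line comment explaining why zeroing is required, since nothing in the hunk itself records that zfs_acl_chmod only partially initializes z_acldata and that the uninitialized tail was reaching lzjb_compress; without that note a later change could switch back to kmem_alloc to save the memset and silently reintroduce the disclosure. Suggest adding, directly above `aclnode->z_acldata = kmem_zalloc(bytes, KM_SLEEP);`, something like `/* zeroed: callers such as zfs_acl_chmod do not initialize every byte */`. Zeroing at the allocation site is the right fix for the disclosure because it covers every caller that fills z_acldata incompletely, not only the one KMSAN happened to catch; the cost is a memset of `bytes` per node, which is acceptable for ACL-sized buffers.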