Zero pad bytes when allocating a ZIL record

When allocating a record, we round up the allocation size to a multiple
of 8.  In this case, any padding bytes should be zeroed, otherwise the
contents of uninitialized memory are written to the ZIL.

This was found using KMSAN.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by: Mark Johnston <markj@FreeBSD.org>
Closes #12383

diff --git a/module/zfs/zil.c b/module/zfs/zil.c
index d8d39f861c75b735d4cf70035dd95e1ba35a8d70..a60b0e04aa68c510dd8ed4de73a6c32cc92a7313 100644 (file)
--- a/module/zfs/zil.c
+++ b/module/zfs/zil.c
@@ -1785,18 +1785,19 @@ cont:
 }
 
 itx_t *
-zil_itx_create(uint64_t txtype, size_t lrsize)
+zil_itx_create(uint64_t txtype, size_t olrsize)
 {
-       size_t itxsize;
+       size_t itxsize, lrsize;
        itx_t *itx;
 
-       lrsize = P2ROUNDUP_TYPED(lrsize, sizeof (uint64_t), size_t);
+       lrsize = P2ROUNDUP_TYPED(olrsize, sizeof (uint64_t), size_t);
        itxsize = offsetof(itx_t, itx_lr) + lrsize;
 
        itx = zio_data_buf_alloc(itxsize);
        itx->itx_lr.lrc_txtype = txtype;
        itx->itx_lr.lrc_reclen = lrsize;
        itx->itx_lr.lrc_seq = 0;        /* defensive */
+       bzero((char *)&itx->itx_lr + olrsize, lrsize - olrsize);
        itx->itx_sync = B_TRUE;         /* default is synchronous */
        itx->itx_callback = NULL;
        itx->itx_callback_data = NULL;