Conversation

@sempervictus
Contributor

@sempervictus sempervictus commented Nov 23, 2025

Motivation and Context

fix #15668 and proxy upstreaming per discussion therein

Description

Upstream @bspengler-oss memory fixes for ZFS permitting operation under the much more rigorous memory and execution controls of grsecurity/pax kernels.

How Has This Been Tested?

2.3.4 no longer blows up with KERNSEAL+PRIVKSTACK+RAP+KERNEXEC+UDEREF and so forth

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Performance enhancement (non-breaking change which improves efficiency)
  • Code cleanup (non-breaking change which makes code smaller or more readable)
  • Quality assurance (non-breaking change which makes the code more robust against bugs)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Library ABI change (libzfs, libzfs_core, libnvpair, libuutil and libzfsbootenv)
  • Documentation (a change to man pages or other documentation)

Checklist:

HIGHMEM kmap interfaces operate on only a single page at a time, yet ZFS hadn't accounted for this, resulting in crashes and potential memory corruption on HIGHMEM (typically 32-bit) systems. This was caught by PaX's KERNSEAL feature as it makes use of HIGHMEM functionality on x64.

On typical 64-bit systems, this issue wouldn't have been observed, as the map interfaces simply fall back to returning an address in lowmem where the contiguous pages can be accessed directly.

Joint work with the PaX Team, tested by Mark van Dijk

Signed-off-by: bspengler-oss <[email protected]>

ZFS typically preserves proper LIFO ordering regarding map/unmap operations that wrap the Linux kernel's kmap interfaces that require such ordering, but one instance in abd_raidz_gen_iterate() did not.

Similar issues have been fixed in the Linux kernel in the past, see for instance CVE-2025-39899 for userfaultfd.

Signed-off-by: bspengler-oss <[email protected]>

Fix another instance where ZFS assumes multiple pages can be mapped at once via zfs_kmap_local(), resulting in crashes and potential memory corruption on HIGHMEM-enabled (typically 32-bit) systems.

Signed-off-by: bspengler-oss <[email protected]>
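A user-space model of the contract the commits above describe (a kmap_local mapping covers one page, and mappings are released in LIFO order) together with a copy loop that honours it, added here as an illustration; it is not code from this PR or from ZFS, and PAGE_SIZE, the mock map/unmap functions and the sample pages are constructed for the demo.

```c
/* Added illustration, not code from the ZFS PR: a user-space model of the
 * kmap_local contract the commits describe (a mapping covers ONE page; mappings
 * are released in LIFO order) and a copy loop that honours it. PAGE_SIZE and
 * the mock mapping stack are constructed for the demo. */
#include <stdint.h>
#include <string.h>
#define PAGE_SIZE 64u
static uint8_t *map_stack[8];           /* live mock mappings, newest on top */
static int map_depth, lifo_violations;

/* Mock zfs_kmap_local(): the returned address is valid for this page only. */
static void *mock_kmap_local(uint8_t *page) { map_stack[map_depth++] = page; return page; }
/* Mock zfs_kunmap_local(): the newest mapping must be released first. */
static void mock_kunmap_local(void *addr) {
    if (map_depth == 0 || map_stack[map_depth - 1] != addr) lifo_violations++;
    if (map_depth > 0) map_depth--;
}

/* Copy len bytes from byte offset off of a page array, mapping one page at a
 * time and bounding each chunk to that page rather than assuming the pages are
 * contiguous behind a single mapping (the assumption the fixed code made). */
size_t copy_from_pages(uint8_t *pages[], size_t off, size_t len, uint8_t *dst) {
    size_t done = 0;
    while (done < len) {
        size_t pg = (off + done) / PAGE_SIZE, pg_off = (off + done) % PAGE_SIZE;
        size_t n = PAGE_SIZE - pg_off;          /* never read past this page */
        if (n > len - done) n = len - done;
        uint8_t *va = mock_kmap_local(pages[pg]);
        memcpy(dst + done, va + pg_off, n);
        mock_kunmap_local(va);                  /* release before mapping next */
        done += n;
    }
    return done;
}

/* Constructed scenario: a span crossing two page boundaries. Returns 1 if the
 * bytes match and every mapping was released, in order. */
int demo_cross_page_copy(void) {
    static uint8_t p0[PAGE_SIZE], p1[PAGE_SIZE], p2[PAGE_SIZE];
    uint8_t *pages[3] = { p0, p1, p2 }, expect[3 * PAGE_SIZE], out[3 * PAGE_SIZE];
    for (size_t i = 0; i < sizeof expect; i++)
        pages[i / PAGE_SIZE][i % PAGE_SIZE] = expect[i] = (uint8_t)(i * 7);
    size_t off = 40, len = 2 * PAGE_SIZE - 20;      /* touches p0, p1 and p2 */
    int v0 = lifo_violations;
    return copy_from_pages(pages, off, len, out) == len &&
           memcmp(out, expect + off, len) == 0 && map_depth == 0 && lifo_violations == v0;
}
```

On a 64-bit machine the three static pages may happen to sit next to each other, which is exactly why a multi-page memcpy through one mapping goes unnoticed there and only fails once HIGHMEM-style single-page mappings are enforced.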
@sempervictus
Contributor Author

Ping @behlendorf for continuity from the prior conversation

Development

Successfully merging this pull request may close these issues.

HIGHMEM violation by kmap in zfs_uiomove_bvec_impl

2 participants