Fix the integer type in zfs_ioc_userspace_many()

Fix the mismatched type in zfs_ioc_userspace_many() and limit the
number of entries returned to 1000.  When a size larger than this
is requested the response is truncated, zfs_userspace() already
correctly handles short responses.  Historically, zfs_userspace()
has requested 100 entries at a time, this cap allows for 10x larger
batch sizes if needed in the future.

Reported-by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li,
Reported-by: and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Reviewed-by: Alexander Motin <alexander.motin@TrueNAS.com>
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #18615
This commit is contained in:
Brian Behlendorf
2026-05-15 01:11:24 +00:00
parent ef6f261454
commit 80fb85b80b
+8 -2
@@ -6652,21 +6652,27 @@ zfs_ioc_userspace_one(zfs_cmd_t *zc)
* outputs:
* zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t)
* zc_cookie zap cursor
*
* The zc_nvlist_dst output array is limited to 1000 entries.
*/
static int
zfs_ioc_userspace_many(zfs_cmd_t *zc)
{
const size_t batch_limit = 1000 * sizeof (zfs_useracct_t);
uint64_t bufsize = MIN(zc->zc_nvlist_dst_size, batch_limit);
zfsvfs_t *zfsvfs;
int bufsize = zc->zc_nvlist_dst_size;
if (bufsize <= 0)
if (bufsize < sizeof (zfs_useracct_t)) {
zc->zc_nvlist_dst_size = sizeof (zfs_useracct_t);
return (SET_ERROR(ENOMEM));
}
int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE);
if (error != 0)
return (error);
void *buf = vmem_alloc(bufsize, KM_SLEEP);
zc->zc_nvlist_dst_size = bufsize;
error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie,
buf, &zc->zc_nvlist_dst_size, &zc->zc_guid);
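Review bot: The new too-small branch (bufsize < sizeof (zfs_useracct_t)) writes sizeof (zfs_useracct_t) back into zc->zc_nvlist_dst_size before returning ENOMEM, but the header comment only gained the 1000-entry note and says nothing about this. Please add a line to the outputs section stating that on ENOMEM zc_nvlist_dst_size holds the minimum buffer size, so callers know what the field means on that error path. A smaller point: the literal 1000 now appears in both the comment and batch_limit; a named constant referenced from both places would keep the documented cap and the enforced cap from drifting apart.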