diff options
author | Brian Behlendorf <[email protected]> | 2014-05-05 11:28:12 -0700 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2014-05-06 10:41:48 -0700 |
commit | 2c33b9127569ad62b4cfe7dd4f651ceeee3d005c (patch) | |
tree | 8f6345e90df320a9640352a30f65ec9939364a02 | |
parent | 962d52421236fc9cd61d59b4f18cff3276077da9 (diff) |
Handle vdev_lookup_top() failure in dva_get_dsize_sync()
The dva_get_dsize_sync() function incorrectly assumes that the call
to vdev_lookup_top() cannot fail. However, the NULL dereference at
clearly shows that under certain circumstances it is possible. Note
that offset 0x570 (1376) maps as expected to vd->vdev_deflate_ratio.
BUG: unable to handle kernel NULL pointer dereference at 00000570
crash> struct -o vdev
struct vdev {
[0] uint64_t vdev_id;
... ...
[1376] uint64_t vdev_deflate_ratio;
Given that this can happen this patch add the required error handling.
In the case where vdev_lookup_top() fails assume that no deflation
will occur for the DVA and use the asize.
Signed-off-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ned Bass <[email protected]>
Signed-off-by: Alexey Zhuravlev <[email protected]>
Closes #1707
Closes #1987
Closes #1891
Signed-off-by: Brian Behlendorf <[email protected]>
-rw-r--r-- | module/zfs/spa_misc.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/module/zfs/spa_misc.c b/module/zfs/spa_misc.c index f1e1a7258..cdbe5a522 100644 --- a/module/zfs/spa_misc.c +++ b/module/zfs/spa_misc.c @@ -1552,7 +1552,9 @@ dva_get_dsize_sync(spa_t *spa, const dva_t *dva) if (asize != 0 && spa->spa_deflate) { vdev_t *vd = vdev_lookup_top(spa, DVA_GET_VDEV(dva)); - dsize = (asize >> SPA_MINBLOCKSHIFT) * vd->vdev_deflate_ratio; + if (vd != NULL) + dsize = (asize >> SPA_MINBLOCKSHIFT) * + vd->vdev_deflate_ratio; } return (dsize); |