summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBrian Behlendorf <[email protected]>2014-05-05 11:28:12 -0700
committerBrian Behlendorf <[email protected]>2014-05-06 10:41:48 -0700
commit2c33b9127569ad62b4cfe7dd4f651ceeee3d005c (patch)
tree8f6345e90df320a9640352a30f65ec9939364a02
parent962d52421236fc9cd61d59b4f18cff3276077da9 (diff)
Handle vdev_lookup_top() failure in dva_get_dsize_sync()
The dva_get_dsize_sync() function incorrectly assumes that the call to vdev_lookup_top() cannot fail. However, the NULL dereference at clearly shows that under certain circumstances it is possible. Note that offset 0x570 (1376) maps as expected to vd->vdev_deflate_ratio. BUG: unable to handle kernel NULL pointer dereference at 00000570 crash> struct -o vdev struct vdev { [0] uint64_t vdev_id; ... ... [1376] uint64_t vdev_deflate_ratio; Given that this can happen this patch add the required error handling. In the case where vdev_lookup_top() fails assume that no deflation will occur for the DVA and use the asize. Signed-off-by: Brian Behlendorf <[email protected]> Signed-off-by: Ned Bass <[email protected]> Signed-off-by: Alexey Zhuravlev <[email protected]> Closes #1707 Closes #1987 Closes #1891 Signed-off-by: Brian Behlendorf <[email protected]>
-rw-r--r--module/zfs/spa_misc.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/module/zfs/spa_misc.c b/module/zfs/spa_misc.c
index f1e1a7258..cdbe5a522 100644
--- a/module/zfs/spa_misc.c
+++ b/module/zfs/spa_misc.c
@@ -1552,7 +1552,9 @@ dva_get_dsize_sync(spa_t *spa, const dva_t *dva)
if (asize != 0 && spa->spa_deflate) {
vdev_t *vd = vdev_lookup_top(spa, DVA_GET_VDEV(dva));
- dsize = (asize >> SPA_MINBLOCKSHIFT) * vd->vdev_deflate_ratio;
+ if (vd != NULL)
+ dsize = (asize >> SPA_MINBLOCKSHIFT) *
+ vd->vdev_deflate_ratio;
}
return (dsize);