diff options
| author | Brian Behlendorf <[email protected]> | 2014-09-10 11:59:03 -0700 |
|---|---|---|
| committer | Brian Behlendorf <[email protected]> | 2014-10-23 09:20:52 -0700 |
| commit | 5f6d0b6f5aa9af2ee5be74ac415a574b732c2c0f (patch) | |
| tree | df5f04a48563bf0d5f26cce993be2439175b83bb /module/zfs/arc.c | |
| parent | bc151f7b312dea09c6ec5b9a320e65140789643a (diff) | |
Handle block pointers with a corrupt logical size
The general strategy used by ZFS to verify that blocks are valid is
to checksum everything. This has the advantage of being extremely
robust and generically applicable regardless of the contents of
the block. If a blocks checksum is valid then its contents are
trusted by the higher layers.
This system works exceptionally well as long as bad data is never
written with a valid checksum. If this does somehow occur due to
a software bug or a memory bit-flip on a non-ECC system it may
result in kernel panic.
One such place where this could occur is if somehow the logical
size stored in a block pointer exceeds the maximum block size.
This will result in an attempt to allocate a buffer greater than
the maximum block size causing a system panic.
To prevent this from happening the arc_read() function has been
updated to detect this specific case. If a block pointer with an
invalid logical size is passed it will treat the block as if it
contained a checksum error.
Signed-off-by: Tim Chase <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #2678
Diffstat (limited to 'module/zfs/arc.c')
| -rw-r--r-- | module/zfs/arc.c | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/module/zfs/arc.c b/module/zfs/arc.c index 2c7abe6ec..b42bb4050 100644 --- a/module/zfs/arc.c +++ b/module/zfs/arc.c @@ -1434,12 +1434,12 @@ arc_space_return(uint64_t space, arc_space_type_t type) } arc_buf_t * -arc_buf_alloc(spa_t *spa, int size, void *tag, arc_buf_contents_t type) +arc_buf_alloc(spa_t *spa, uint64_t size, void *tag, arc_buf_contents_t type) { arc_buf_hdr_t *hdr; arc_buf_t *buf; - ASSERT3U(size, >, 0); + VERIFY3U(size, <=, SPA_MAXBLOCKSIZE); hdr = kmem_cache_alloc(hdr_cache, KM_PUSHPAGE); ASSERT(BUF_EMPTY(hdr)); hdr->b_size = size; @@ -1477,7 +1477,7 @@ static char *arc_onloan_tag = "onloan"; * freed. */ arc_buf_t * -arc_loan_buf(spa_t *spa, int size) +arc_loan_buf(spa_t *spa, uint64_t size) { arc_buf_t *buf; @@ -1837,7 +1837,7 @@ arc_buf_remove_ref(arc_buf_t *buf, void* tag) return (no_callback); } -int +uint64_t arc_buf_size(arc_buf_t *buf) { return (buf->b_hdr->b_size); @@ -3307,6 +3307,22 @@ top: enum zio_compress b_compress = ZIO_COMPRESS_OFF; uint64_t b_asize = 0; + /* + * Gracefully handle a damaged logical block size as a + * checksum error by passing a dummy zio to the done callback. + */ + if (size > SPA_MAXBLOCKSIZE) { + if (done) { + rzio = zio_null(pio, spa, NULL, + NULL, NULL, zio_flags); + rzio->io_error = ECKSUM; + done(rzio, buf, private); + zio_nowait(rzio); + } + rc = ECKSUM; + goto out; + } + if (hdr == NULL) { /* this block is not in the cache */ arc_buf_hdr_t *exists = NULL; |