Fix object reclaim when using large dnodes

Currently, when the receive_object() code wants to reclaim an object, it always assumes that the dnode is the legacy 512 bytes, even when the incoming bonus buffer exceeds this length. This causes a buffer overflow if --enable-debug is not provided and triggers an ASSERT if it is. This patch resolves this issue and adds an ASSERT to ensure this can't happen again. Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Tom Caputi <[email protected]> Closes #7097 Closes #7433
author: Tom Caputi <[email protected]> 2018-04-17 14:13:57 -0400
committer: Brian Behlendorf <[email protected]> 2018-04-17 11:13:57 -0700
commit: e14a32b1c844d924b9f093375c0badcf10f61741 (patch)
tree: 933a0515c9755a3b8ef854221a45c2de2e1112fc /module/zfs/dnode.c
parent: 0c03d21ac99ebdbefe65c319fc3712928c40af78 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/module/zfs/dnode.c b/module/zfs/dnode.c
index 80d5f33d9..7620e11f0 100644
--- a/module/zfs/dnode.c
+++ b/module/zfs/dnode.c
@@ -676,8 +676,7 @@ dnode_reallocate(dnode_t *dn, dmu_object_type_t ot, int blocksize,
 	ASSERT(DMU_OT_IS_VALID(bonustype));
 	ASSERT3U(bonuslen, <=,
 	    DN_BONUS_SIZE(spa_maxdnodesize(dmu_objset_spa(dn->dn_objset))));
-
-	dn_slots = dn_slots > 0 ? dn_slots : DNODE_MIN_SLOTS;
+	ASSERT3U(bonuslen, <=, DN_BONUS_SIZE(dn_slots << DNODE_SHIFT));
 
 	dnode_free_interior_slots(dn);
 	DNODE_STAT_BUMP(dnode_reallocate);
author	Tom Caputi <[email protected]>	2018-04-17 14:13:57 -0400
committer	Brian Behlendorf <[email protected]>	2018-04-17 11:13:57 -0700
commit	e14a32b1c844d924b9f093375c0badcf10f61741 (patch)
tree	933a0515c9755a3b8ef854221a45c2de2e1112fc /module/zfs/dnode.c
parent	0c03d21ac99ebdbefe65c319fc3712928c40af78 (diff)