author | Richard Yao <[email protected]> | 2023-03-04 15:38:06 -0500 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2023-03-08 13:51:31 -0800 |
commit | 399bb816070500e7c784e14198a2209bf083b4e9 (patch) | |
tree | 44a650efb4ce385cfbdc8b9ea307c7b6c92d4e8e /module/zfs/vdev.c | |
parent | 0b831cabc6e5f210445d90c89996abc88169f01f (diff) |
Suppress Clang Static Analyzer warning in vdev_split()
Clang's static analyzer pointed out that we can have a NULL pointer
dereference if we ever attempt to split a vdev that has only 1 child. If
that happens, we are left with zero children, but then try to access a
non-existent child. Calling vdev_split() on a vdev with only 1 child
should be impossible due to how the code is structured. If this ever
happens, it would be best to stop execution immediately even in a
production environment to allow for the best possible chance of recovery
by an expert, so we use `VERIFY3U()` instead of `ASSERT3U()`.
Unfortunately, while that defensive assertion will prevent execution
from ever reaching the NULL pointer dereference, Clang's static analyzer
does not realize that, so we add an `ASSERT()` to inform it of this.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Richard Yao <[email protected]>
Closes #14575
Diffstat (limited to 'module/zfs/vdev.c')
-rw-r--r-- | module/zfs/vdev.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/module/zfs/vdev.c b/module/zfs/vdev.c index 8f3e461ba..275d5cbbf 100644 --- a/module/zfs/vdev.c +++ b/module/zfs/vdev.c @@ -5396,9 +5396,13 @@ vdev_split(vdev_t *vd) { vdev_t *cvd, *pvd = vd->vdev_parent; + VERIFY3U(pvd->vdev_children, >, 1); + vdev_remove_child(pvd, vd); vdev_compact_children(pvd); + ASSERT3P(pvd->vdev_child, !=, NULL); + cvd = pvd->vdev_child[0]; if (pvd->vdev_children == 1) { vdev_remove_parent(cvd); |
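Review bot: Neither added assertion in vdev_split() carries a comment, so the reason there are two checks is recorded only in the commit message. The `ASSERT3P(pvd->vdev_child, !=, NULL);` placed after `vdev_compact_children(pvd);` looks redundant next to the `VERIFY3U(pvd->vdev_children, >, 1);` at the top of the function, and a later cleanup could remove it and bring the analyzer warning back. I would add a one-line comment above the ASSERT3P saying it exists only to tell Clang's static analyzer that the child array is non-NULL at `cvd = pvd->vdev_child[0];`, and a short comment above the VERIFY3U saying it is deliberately a VERIFY so that it also stops execution in production builds. Minor: the commit message says an `ASSERT()` was added, while the code uses `ASSERT3P()`.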