author Richard Yao <[email protected]> 2023-03-04 15:38:06 -0500
committer Brian Behlendorf <[email protected]> 2023-03-08 13:51:31 -0800
commit 399bb816070500e7c784e14198a2209bf083b4e9
tree 44a650efb4ce385cfbdc8b9ea307c7b6c92d4e8e /module/zfs/vdev.c
parent 0b831cabc6e5f210445d90c89996abc88169f01f
Suppress Clang Static Analyzer warning in vdev_split()
Clang's static analyzer pointed out that we can have a NULL pointer dereference if we ever attempt to split a vdev that has only 1 child. If that happens, we are left with zero children, but then try to access a non-existent child.

Calling vdev_split() on a vdev with only 1 child should be impossible due to how the code is structured. If this ever happens, it would be best to stop execution immediately even in a production environment to allow for the best possible chance of recovery by an expert, so we use `VERIFY3U()` instead of `ASSERT3U()`.

Unfortunately, while that defensive assertion will prevent execution from ever reaching the NULL pointer dereference, Clang's static analyzer does not realize that, so we add an `ASSERT()` to inform it of this.

Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Richard Yao <[email protected]>
Closes #14575
Diffstat (limited to 'module/zfs/vdev.c')
-rw-r--r-- module/zfs/vdev.c 4
1 files changed, 4 insertions, 0 deletions
diff --git a/module/zfs/vdev.c b/module/zfs/vdev.c
index 8f3e461ba..275d5cbbf 100644
--- a/module/zfs/vdev.c
+++ b/module/zfs/vdev.c
@@ -5396,9 +5396,13 @@ vdev_split(vdev_t *vd)
{
vdev_t *cvd, *pvd = vd->vdev_parent;
+ VERIFY3U(pvd->vdev_children, >, 1);
+
vdev_remove_child(pvd, vd);
vdev_compact_children(pvd);
+ ASSERT3P(pvd->vdev_child, !=, NULL);
+
cvd = pvd->vdev_child[0];
if (pvd->vdev_children == 1) {
vdev_remove_parent(cvd);
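Review bot: The ASSERT3P(pvd->vdev_child, !=, NULL) added just before cvd = pvd->vdev_child[0] carries no comment saying it exists only to inform Clang's static analyzer, so a later reader may take it for a redundant check beside the VERIFY3U at the top of the function and remove it. A one-line comment above it would prevent that, and a matching comment above VERIFY3U(pvd->vdev_children, >, 1) could record that the check guards against vdev_remove_child() leaving pvd with zero children. Since the commit message describes the second check as `ASSERT()` while the hunk uses ASSERT3P, it would also help to align the wording so the two can be matched up when reading the history.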