diff options
author | Ned Bass <[email protected]> | 2010-11-10 13:36:18 -0800 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2010-11-10 21:29:07 -0800 |
commit | e06be586410cdad14d2dce76af4f2d43eebe7c83 (patch) | |
tree | 62b9627e6cfdaec9fe187f062c3b4bdb8a839a23 /module | |
parent | 1f30b9d432dd48826cd562757d19c2771b0973e8 (diff) |
Fix for access beyond end of device error
This commit fixes a sign extension bug affecting l2arc devices. Extremely
large offsets may be passed down to the low level block device driver on
reads, generating errors similar to
attempt to access beyond end of device
sdbi1: rw=14, want=36028797014862705, limit=125026959
The unwanted sign extension occurrs because the function arc_read_nolock()
stores the offset as a daddr_t, a 32-bit signed int type in the Linux kernel.
This offset is then passed to zio_read_phys() as a uint64_t argument, causing
sign extension for values of 0x80000000 or greater. To avoid this, we store
the offset in a uint64_t.
This change also changes a few daddr_t struct members to uint64_t in the libspl
headers to avoid similar bugs cropping up in the future. We also add an ASSERT
to __vdev_disk_physio() to check for invalid offsets.
Closes #66
Signed-off-by: Brian Behlendorf <[email protected]>
Diffstat (limited to 'module')
-rw-r--r-- | module/zfs/arc.c | 2 | ||||
-rw-r--r-- | module/zfs/vdev_disk.c | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/module/zfs/arc.c b/module/zfs/arc.c index f8dfee2cc..32d99bf39 100644 --- a/module/zfs/arc.c +++ b/module/zfs/arc.c @@ -2777,7 +2777,7 @@ top: uint64_t size = BP_GET_LSIZE(bp); arc_callback_t *acb; vdev_t *vd = NULL; - daddr_t addr = -1; + uint64_t addr = -1; boolean_t devw = B_FALSE; if (hdr == NULL) { diff --git a/module/zfs/vdev_disk.c b/module/zfs/vdev_disk.c index 86a089d12..3e59bd226 100644 --- a/module/zfs/vdev_disk.c +++ b/module/zfs/vdev_disk.c @@ -360,6 +360,8 @@ __vdev_disk_physio(struct block_device *bdev, zio_t *zio, caddr_t kbuf_ptr, int bio_size, bio_count = 16; int i = 0, error = 0, block_size; + ASSERT3U(kbuf_offset + kbuf_size, <=, bdev->bd_inode->i_size); + retry: dr = vdev_disk_dio_alloc(bio_count); if (dr == NULL) |