From b7faa7aabd420b056c9b9cbf6ab8849130385dca Mon Sep 17 00:00:00 2001 From: GeLiXin <47034221@qq.com> Date: Sat, 21 May 2016 11:34:06 +0800 Subject: Fix self-healing IO prior to dsl_pool_init() completion Async writes triggered by a self-healing IO may be issued before the pool finishes the process of initialization. This results in a NULL dereference of `spa->spa_dsl_pool` in vdev_queue_max_async_writes(). George Wilson recommended addressing this issue by initializing the passed `dsl_pool_t **` prior to dmu_objset_open_impl(). Since the caller is passing the `spa->spa_dsl_pool` this has the effect of ensuring it's initialized. However, since this depends on the caller knowing they must pass the `spa->spa_dsl_pool` an additional NULL check was added to vdev_queue_max_async_writes(). This guards against any future restructuring of the code which might result in dsl_pool_init() being called differently. Signed-off-by: GeLiXin <47034221@qq.com> Signed-off-by: Brian Behlendorf Closes #4652 --- module/zfs/vdev_queue.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'module/zfs/vdev_queue.c') diff --git a/module/zfs/vdev_queue.c b/module/zfs/vdev_queue.c index d67912d96..8522c2627 100644 --- a/module/zfs/vdev_queue.c +++ b/module/zfs/vdev_queue.c @@ -249,20 +249,29 @@ static int vdev_queue_max_async_writes(spa_t *spa) { int writes; - uint64_t dirty = spa->spa_dsl_pool->dp_dirty_total; + uint64_t dirty = 0; + dsl_pool_t *dp = spa_get_dsl(spa); uint64_t min_bytes = zfs_dirty_data_max * zfs_vdev_async_write_active_min_dirty_percent / 100; uint64_t max_bytes = zfs_dirty_data_max * zfs_vdev_async_write_active_max_dirty_percent / 100; + /* + * Async writes may occur before the assignment of the spa's + * dsl_pool_t if a self-healing zio is issued prior to the + * completion of dmu_objset_open_impl(). + */ + if (dp == NULL) + return (zfs_vdev_async_write_max_active); + /* * Sync tasks correspond to interactive user actions. To reduce the * execution time of those actions we push data out as fast as possible. */ - if (spa_has_pending_synctask(spa)) { + if (spa_has_pending_synctask(spa)) return (zfs_vdev_async_write_max_active); - } + dirty = dp->dp_dirty_total; if (dirty < min_bytes) return (zfs_vdev_async_write_min_active); if (dirty > max_bytes) -- cgit v1.2.3