git.proxmox.com Git - mirror

author	Brian Behlendorf <behlendorf1@llnl.gov>
	Wed, 10 Sep 2014 18:59:03 +0000 (11:59 -0700)
committer	Brian Behlendorf <behlendorf1@llnl.gov>
	Thu, 23 Oct 2014 16:20:52 +0000 (09:20 -0700)
commit	5f6d0b6f5aa9af2ee5be74ac415a574b732c2c0f
tree	df5f04a48563bf0d5f26cce993be2439175b83bb	tree
parent	bc151f7b312dea09c6ec5b9a320e65140789643a	commit \| diff

Handle block pointers with a corrupt logical size

The general strategy used by ZFS to verify that blocks are valid is
to checksum everything.  This has the advantage of being extremely
robust and generically applicable regardless of the contents of
the block.  If a blocks checksum is valid then its contents are
trusted by the higher layers.

This system works exceptionally well as long as bad data is never
written with a valid checksum.  If this does somehow occur due to
a software bug or a memory bit-flip on a non-ECC system it may
result in kernel panic.

One such place where this could occur is if somehow the logical
size stored in a block pointer exceeds the maximum block size.
This will result in an attempt to allocate a buffer greater than
the maximum block size causing a system panic.

To prevent this from happening the arc_read() function has been
updated to detect this specific case.  If a block pointer with an
invalid logical size is passed it will treat the block as if it
contained a checksum error.

Signed-off-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #2678

include/sys/arc.h		diff \| blob \| blame \| history
module/zfs/arc.c		diff \| blob \| blame \| history
module/zfs/dbuf.c		diff \| blob \| blame \| history