c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2025-10-26 18:05:04 +03:00
Code Issues Packages Projects Releases Wiki Activity

Always perform bounds-checking in metaslab_free_concrete

Browse Source 
The vd->vdev_ms access can overflow due to on-disk corruption, not just
due to programming bugs.  So it makes sense to check its boundaries even
in production builds.

Sponsored by:	ConnectWise
Reviewed by: Alek Pinchuk <pinchuk.alek@gmail.com>
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by:	Alan Somers <asomers@gmail.com>
Closes #17136
This commit is contained in:
Alan Somers 2025-03-19 09:24:43 -06:00 committed by Tony Hutter
parent b0f2bcd063
commit 7cc60afb0b
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
module/zfs/metaslab.c
View File

@ -5406,12 +5406,13 @@ metaslab_free_concrete(vdev_t *vd, uint64_t offset, uint64_t asize,
{
metaslab_t *msp;
spa_t *spa = vd->vdev_spa;
int m = offset >> vd->vdev_ms_shift;
ASSERT(vdev_is_concrete(vd));
ASSERT3U(spa_config_held(spa, SCL_ALL, RW_READER), !=, 0);
ASSERT3U(offset >> vd->vdev_ms_shift, <, vd->vdev_ms_count);
VERIFY3U(m, <, vd->vdev_ms_count);
msp = vd->vdev_ms[offset >> vd->vdev_ms_shift];
msp = vd->vdev_ms[m];
VERIFY(!msp->ms_condensing);
VERIFY3U(offset, >=, msp->ms_start);