diff --git a/module/zfs/arc.c b/module/zfs/arc.c index 7697c5391..6acd36313 100644 --- a/module/zfs/arc.c +++ b/module/zfs/arc.c @@ -5911,17 +5911,24 @@ arc_read(zio_t *pio, spa_t *spa, const blkptr_t *bp, */ fstrans_cookie_t cookie = spl_fstrans_mark(); top: + /* + * Verify the block pointer contents are reasonable. This should + * always be the case since the blkptr is protected by a checksum. + * However, if there is damage it's desirable to detect this early + * and treat it as a checksum error. This allows an alternate blkptr + * to be tried when one is available (e.g. ditto blocks). + */ + if (!zfs_blkptr_verify(spa, bp, zio_flags & ZIO_FLAG_CONFIG_WRITER, + BLK_VERIFY_LOG)) { + rc = SET_ERROR(ECKSUM); + goto out; + } + if (!embedded_bp) { /* * Embedded BP's have no DVA and require no I/O to "read". * Create an anonymous arc buf to back it. */ - if (!zfs_blkptr_verify(spa, bp, zio_flags & - ZIO_FLAG_CONFIG_WRITER, BLK_VERIFY_LOG)) { - rc = SET_ERROR(ECKSUM); - goto out; - } - hdr = buf_hash_find(guid, bp, &hash_lock); } diff --git a/module/zfs/zio.c b/module/zfs/zio.c index 85e05ee6a..c016fa323 100644 --- a/module/zfs/zio.c +++ b/module/zfs/zio.c @@ -1006,7 +1006,7 @@ zfs_blkptr_verify(spa_t *spa, const blkptr_t *bp, boolean_t config_held, * will be done once the zio is executed in vdev_mirror_map_alloc. */ if (!spa->spa_trust_config) - return (B_TRUE); + return (errors == 0); if (!config_held) spa_config_enter(spa, SCL_VDEV, bp, RW_READER);