From ea076d6921d08deb22f51ff7f4ba00a08bc9dd86 Mon Sep 17 00:00:00 2001 From: Rob Norris Date: Fri, 27 Jun 2025 00:19:59 +1000 Subject: [PATCH] vdev_raidz_asize_to_psize: return psize, not asize Since 246e588, gang blocks written to raidz vdevs will write past the end of their allocation, corrupting themselves, other data, or both. The reason is simple - when allocating the gang children, we call vdev_psize_to_asize() to find out how much data we should load into the allocation we just did. vdev_raidz_asize_to_psize() had a bug; it computed the psize, but returned the original asize. The raidz layer dutifully writes that much out, into space beyond the end of the allocation. If there's existing data there, it gets overwritten, causing checksum errors when that data is read. Even there's not data there (unlikely, given that gang blocks are in play at all), that area is not considered allocated, so can be allocated and overwritten later. The fix is simple: return the psize we just computed. Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Reviewed-by: Alexander Motin Reviewed-by: George Melikov Reviewed-by: Allan Jude Signed-off-by: Rob Norris Closes #17488 --- module/zfs/vdev_raidz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/zfs/vdev_raidz.c b/module/zfs/vdev_raidz.c index a9b12471c..5941e645e 100644 --- a/module/zfs/vdev_raidz.c +++ b/module/zfs/vdev_raidz.c @@ -2260,7 +2260,7 @@ vdev_raidz_asize_to_psize(vdev_t *vd, uint64_t asize, uint64_t txg) psize -= nparity * DIV_ROUND_UP(psize, cols); psize <<= ashift; - return (asize); + return (psize); } /*