svn commit: r226483 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
Xin LI
delphij at FreeBSD.org
Mon Oct 17 22:23:27 UTC 2011
Author: delphij
Date: Mon Oct 17 22:23:27 2011
New Revision: 226483
URL: http://svn.freebsd.org/changeset/base/226483
Log:
Fix a bug in sa_find_sizes() which could lead to panic:
When calculating space needed for SA_BONUS buffers,
hdrsize is always rounded up to next 8-aligned boundary.
However, in two places the round up was done against
sum of 'total' plus hdrsize. On the other hand,
hdrsize increments by 4 each time, which means in
certain conditions, we would end up returning with
will_spill == 0 and (total + hdrsize) larger than
full_space, leading to a failed assertion because
it's invalid for dmu_set_bonus.
Sponsored by: iXsystems, Inc.
Reviewed by: mm
MFC after: 3 days
Modified:
head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sa.c
Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sa.c
==============================================================================
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sa.c Mon Oct 17 21:31:03 2011 (r226482)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sa.c Mon Oct 17 22:23:27 2011 (r226483)
@@ -605,14 +605,14 @@ sa_find_sizes(sa_os_t *sa, sa_bulk_attr_
* and spill buffer.
*/
if (buftype == SA_BONUS && *index == -1 &&
- P2ROUNDUP(*total + hdrsize, 8) >
+ (*total + P2ROUNDUP(hdrsize, 8)) >
(full_space - sizeof (blkptr_t))) {
*index = i;
done = B_TRUE;
}
next:
- if (P2ROUNDUP(*total + hdrsize, 8) > full_space &&
+ if ((*total + P2ROUNDUP(hdrsize, 8)) > full_space &&
buftype == SA_BONUS)
*will_spill = B_TRUE;
}
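Review bot: The expression `*total + P2ROUNDUP(hdrsize, 8)` is now written out twice, once in the `*index == -1` test and once in the test after `next:`, and the comment above the first test does not say why only hdrsize is rounded. The log message traces the panic to exactly these two sites rounding differently from how hdrsize is rounded elsewhere, so a later cleanup could easily restore the old form at one of them. Consider a small macro or helper for the rounded size (a local computed before the first test would not be safe if a jump to `next:` bypasses it) and a one-line comment stating that hdrsize is rounded up on its own before being added to `*total`. It would also help to note next to the checks the invariant the log message describes, that returning with will_spill == 0 requires (total + hdrsize) to fit in full_space, since that is what the caller's assertion depends on.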