diff options
| author | Brian Behlendorf <behlendorf1@llnl.gov> | 2021-09-09 18:02:07 -0700 |
|---|---|---|
| committer | Tony Hutter <hutter2@llnl.gov> | 2021-09-14 15:43:18 -0700 |
| commit | 9183321501daa948ab7c8e08d8ef94f7d0f655d3 (patch) | |
| tree | 103774f124549a2181dd9a16070c537c9aa311f2 | |
| parent | 32512acbc07bd4038be68387da90d7cb5bd2daae (diff) | |
Verify embedded blkptr's in arc_read()
The block pointer verification check in arc_read() should also
cover embedded block pointers. While highly unlikely, accessing
a damaged block pointer can result in panic. To further harden
the code extend the existing check to include embedded block
pointers and add a comment explaining the rational for this
sanity check. Lastly, correct a flaw in zfs_blkptr_verify()
so the error count is checked even when checking a untrusted
config to verify the non-pool-specific portions of a block
pointer.
Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Tony Nguyen <tony.nguyen@delphix.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #12535
| -rw-r--r-- | module/zfs/arc.c | 19 | ||||
| -rw-r--r-- | module/zfs/zio.c | 2 |
2 files changed, 14 insertions, 7 deletions
diff --git a/module/zfs/arc.c b/module/zfs/arc.c index 056ebf532..b864394b4 100644 --- a/module/zfs/arc.c +++ b/module/zfs/arc.c @@ -5917,17 +5917,24 @@ arc_read(zio_t *pio, spa_t *spa, const blkptr_t *bp, */ fstrans_cookie_t cookie = spl_fstrans_mark(); top: + /* + * Verify the block pointer contents are reasonable. This should + * always be the case since the blkptr is protected by a checksum. + * However, if there is damage it's desirable to detect this early + * and treat it as a checksum error. This allows an alternate blkptr + * to be tried when one is available (e.g. ditto blocks). + */ + if (!zfs_blkptr_verify(spa, bp, zio_flags & ZIO_FLAG_CONFIG_WRITER, + BLK_VERIFY_LOG)) { + rc = SET_ERROR(ECKSUM); + goto out; + } + if (!embedded_bp) { /* * Embedded BP's have no DVA and require no I/O to "read". * Create an anonymous arc buf to back it. */ - if (!zfs_blkptr_verify(spa, bp, zio_flags & - ZIO_FLAG_CONFIG_WRITER, BLK_VERIFY_LOG)) { - rc = SET_ERROR(ECKSUM); - goto out; - } - hdr = buf_hash_find(guid, bp, &hash_lock); } diff --git a/module/zfs/zio.c b/module/zfs/zio.c index 85e05ee6a..c016fa323 100644 --- a/module/zfs/zio.c +++ b/module/zfs/zio.c @@ -1006,7 +1006,7 @@ zfs_blkptr_verify(spa_t *spa, const blkptr_t *bp, boolean_t config_held, * will be done once the zio is executed in vdev_mirror_map_alloc. */ if (!spa->spa_trust_config) - return (B_TRUE); + return (errors == 0); if (!config_held) spa_config_enter(spa, SCL_VDEV, bp, RW_READER); |