Always perform bounds-checking in metaslab_free_concrete #17136
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The vd->vdev_ms access can overflow due to on-disk corruption, not just due to programming bugs. So it makes sense to check its boundaries even in production builds. Sponsored by: ConnectWise Signed-off-by: Alan Somers <[email protected]>
amotin
approved these changes
Mar 12, 2025
|
This slightly echoes with #17094. |
alek-p
approved these changes
Mar 12, 2025
I hope there's a better place to catch it. I plan to keep working on the problem. But in the meantime I think this change is correct. Maybe after #17094 there will be a better way to handle it. |
tonyhutter
reviewed
Mar 18, 2025
tonyhutter
approved these changes
Mar 18, 2025
amotin
added
Status: Accepted
tonyhutter
pushed a commit
to tonyhutter/zfs
that referenced
this pull request
Apr 3, 2025
The vd->vdev_ms access can overflow due to on-disk corruption, not just due to programming bugs. So it makes sense to check its boundaries even in production builds. Sponsored by: ConnectWise Reviewed by: Alek Pinchuk <[email protected]> Reviewed-by: Tony Hutter <[email protected]> Reviewed-by: Alexander Motin <[email protected]> Signed-off-by: Alan Somers <[email protected]> Closes openzfs#17136
fuporovvStack
pushed a commit
to fuporovvStack/zfs
that referenced
this pull request
Apr 11, 2025
The vd->vdev_ms access can overflow due to on-disk corruption, not just due to programming bugs. So it makes sense to check its boundaries even in production builds. Sponsored by: ConnectWise Reviewed by: Alek Pinchuk <[email protected]> Reviewed-by: Tony Hutter <[email protected]> Reviewed-by: Alexander Motin <[email protected]> Signed-off-by: Alan Somers <[email protected]> Closes openzfs#17136
fuporovvStack
pushed a commit
to fuporovvStack/zfs
that referenced
this pull request
Apr 11, 2025
The vd->vdev_ms access can overflow due to on-disk corruption, not just due to programming bugs. So it makes sense to check its boundaries even in production builds. Sponsored by: ConnectWise Reviewed by: Alek Pinchuk <[email protected]> Reviewed-by: Tony Hutter <[email protected]> Reviewed-by: Alexander Motin <[email protected]> Signed-off-by: Alan Somers <[email protected]> Closes openzfs#17136
tonyhutter
pushed a commit
to tonyhutter/zfs
that referenced
this pull request
Apr 16, 2025
The vd->vdev_ms access can overflow due to on-disk corruption, not just due to programming bugs. So it makes sense to check its boundaries even in production builds. Sponsored by: ConnectWise Reviewed by: Alek Pinchuk <[email protected]> Reviewed-by: Tony Hutter <[email protected]> Reviewed-by: Alexander Motin <[email protected]> Signed-off-by: Alan Somers <[email protected]> Closes openzfs#17136
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The vd->vdev_ms access can overflow due to on-disk corruption, not just due to programming bugs. So it makes sense to check its boundaries even in production builds.
Sponsored by: ConnectWise
Signed-off-by: Alan Somers [email protected]
Motivation and Context
Prevents an out-of-bounds memory access due to on-disk corruption. The out of bounds access usually results in a page fault, but its effects are unpredictable. Better to cleanly panic instead. The original corruption was probably caused by the same underlying cause as #16626, combined with inadequate sanity checking of the block pointers.
Description
Changes in existing ASSERT into a VERIFY
How Has This Been Tested?
Ran the ZFS test suite on FreeBSD
Types of changes
Checklist:
Signed-off-by.