Always perform bounds-checking in metaslab_free_concrete

The vd->vdev_ms access can overflow due to on-disk corruption, not just
due to programming bugs.  So it makes sense to check its boundaries even
in production builds.

Sponsored by:	ConnectWise
Reviewed-by: Alek Pinchuk <pinchuk.alek@gmail.com>
Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Reviewed-by: Alexander Motin <mav@FreeBSD.org>
Signed-off-by:	Alan Somers <asomers@gmail.com>
Closes #17136
Alan Somers 2025-03-19 09:24:43 -06:00 committed by GitHub
parent 3cd9934a48
commit d033f26765
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -5406,12 +5406,13 @@ metaslab_free_concrete(vdev_t *vd, uint64_t offset, uint64_t asize,
{
metaslab_t *msp;
spa_t *spa = vd->vdev_spa;
int m = offset >> vd->vdev_ms_shift;
ASSERT(vdev_is_concrete(vd));
ASSERT3U(spa_config_held(spa, SCL_ALL, RW_READER), !=, 0);
ASSERT3U(offset >> vd->vdev_ms_shift, <, vd->vdev_ms_count);
VERIFY3U(m, <, vd->vdev_ms_count);
msp = vd->vdev_ms[offset >> vd->vdev_ms_shift];
msp = vd->vdev_ms[m];
VERIFY(!msp->ms_condensing);
VERIFY3U(offset, >=, msp->ms_start);
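
Review bot: `int m = offset >> vd->vdev_ms_shift;` narrows the shift of a `uint64_t offset` to `int` before the new `VERIFY3U(m, <, vd->vdev_ms_count)` runs, so the bounds check sees the truncated value rather than the one actually computed from `offset`. The commit message gives on-disk corruption as the motivation, and a corrupted offset whose shifted value has bits set above the range of `int` can truncate to a small in-range index, pass the VERIFY, and select an unrelated metaslab via `vd->vdev_ms[m]`. The following `VERIFY3U(offset, >=, msp->ms_start)` does not catch that case, because such an offset is larger than the wrongly selected metaslab's start. Declaring the index as `uint64_t m` keeps the comparison on the full value and matches the type of `offset`.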