freebsd-nq/module/zfs
Ned Bass 67629d0f08 Fix rounding discrepancy in sa_find_sizes()
A rounding discrepancy exists between how sa_build_layouts() and
sa_find_sizes() calculate when the spill block needs to be kicked in.
This results in a narrow size range where sa_build_layouts() believes
there must be a spill block allocated but due to the discrepancy there
isn't.  A panic then occurs when the hdl->sa_spill NULL pointer is
dereferenced.

The following reproducer for this bug was isolated:

    truncate -s 128m /tmp/tank
    zpool create tank /tmp/tank
    zfs create -o xattr=sa tank/fish
    ln -s `perl -e 'print "z" x 41'` /tank/fish/z
    setfattr -hn trusted.foo -v`perl -e 'print "z"x45'` /tank/fish/z

This test results in roughly the following system attribute (SA)
layout:

  176 bytes - "standard" SA's
   41 bytes - name of symbolic link target
  100 bytes - XDR encoded nvlist for xattr
  ---
  317 bytes - total

Because 317 is less than DN_MAX_BONUSLEN (320), sa_find_sizes()
decides no spill block is needed. But sa_build_layouts() rounds 41 up
to 48 when computing the space requirements so it tries to switch to
the spill block.

Note that we were only able to reproduce this bug using a combination
of symbolic links and the Linux-specific xattr=sa dataset property.
So while this issue is not technically Linux-specific, it may be
difficult or impossible to hit the narrow size range needed to
reproduce it on other platforms.

To fix the discrepancy, round the running total in sa_find_sizes() up
to an 8-byte boundary before accounting for each SA, since this is how
they will be stored in the bonus and (possibly) spill buffers.

To make the intent of the code more clear, explicitly assert key
assumptions about expected alignment of data and whether spill-over
will occur.

Signed-off-by: Matthew Ahrens <mahrens@delphix.com
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #1240
2013-01-31 10:31:13 -08:00
..
arc.c Illumos #2618 arc.c mistypes in the comments 2013-01-11 09:16:59 -08:00
bplist.c Switch KM_SLEEP to KM_PUSHPAGE 2012-08-27 12:01:37 -07:00
bpobj.c Illumos #3104: eliminate empty bpobjs 2013-01-08 10:35:43 -08:00
bptree.c Illumos #2619 and #2747 2013-01-08 10:35:35 -08:00
dbuf.c Illumos #3145, #3212 2013-01-08 10:35:44 -08:00
ddt_zap.c Add ddt_object_count() error handling 2012-10-29 08:57:45 -07:00
ddt.c Illumos #2619 and #2747 2013-01-08 10:35:35 -08:00
dmu_diff.c Update to onnv_147 2010-08-26 14:24:34 -07:00
dmu_object.c Add linux kernel module support 2010-08-31 13:41:58 -07:00
dmu_objset.c Use dsl_dataset_snap_lookup() 2013-01-25 15:07:40 -08:00
dmu_send.c Illumos #3086: unnecessarily setting DS_FLAG_INCONSISTENT on async 2013-01-08 10:35:43 -08:00
dmu_traverse.c Illumos #2619 and #2747 2013-01-08 10:35:35 -08:00
dmu_tx.c Illumos #3189 kernel panic in test hotspare_onoffline_004_neg 2013-01-14 10:34:53 -08:00
dmu_zfetch.c Switch KM_SLEEP to KM_PUSHPAGE 2012-08-27 12:01:37 -07:00
dmu.c Illumos #3086: unnecessarily setting DS_FLAG_INCONSISTENT on async 2013-01-08 10:35:43 -08:00
dnode_sync.c Illumos #2619 and #2747 2013-01-08 10:35:35 -08:00
dnode.c Illumos #2619 and #2747 2013-01-08 10:35:35 -08:00
dsl_dataset.c Use dsl_dataset_snap_lookup() 2013-01-25 15:07:40 -08:00
dsl_deadlist.c Illumos #3104: eliminate empty bpobjs 2013-01-08 10:35:43 -08:00
dsl_deleg.c Illumos #2619 and #2747 2013-01-08 10:35:35 -08:00
dsl_dir.c Illumos #3086: unnecessarily setting DS_FLAG_INCONSISTENT on async 2013-01-08 10:35:43 -08:00
dsl_pool.c Illumos #3104: eliminate empty bpobjs 2013-01-08 10:35:43 -08:00
dsl_prop.c Switch KM_SLEEP to KM_PUSHPAGE 2012-09-17 11:22:23 -07:00
dsl_scan.c Illumos #2619 and #2747 2013-01-08 10:35:35 -08:00
dsl_synctask.c Add linux kernel module support 2010-08-31 13:41:58 -07:00
fm.c Condition variable usage, zevent_cv 2012-10-15 16:01:54 -07:00
gzip.c Fix zmod.h usage in userspace 2010-08-31 08:38:46 -07:00
lz4.c Illumos #3035 LZ4 compression support in ZFS and GRUB 2013-01-29 09:28:20 -08:00
lzjb.c Switch KM_SLEEP to KM_PUSHPAGE 2012-08-27 12:01:37 -07:00
Makefile.in Illumos #3035 LZ4 compression support in ZFS and GRUB 2013-01-29 09:28:20 -08:00
metaslab.c Add FASTWRITE algorithm for synchronous writes. 2012-10-17 08:56:41 -07:00
refcount.c Switch KM_SLEEP to KM_PUSHPAGE 2012-08-27 12:01:37 -07:00
rrwlock.c Enable rrwlock.c compilation 2010-12-07 16:05:25 -08:00
sa.c Fix rounding discrepancy in sa_find_sizes() 2013-01-31 10:31:13 -08:00
sha256.c Add linux sha2 support 2010-08-31 13:41:59 -07:00
spa_boot.c Add linux kernel module support 2010-08-31 13:41:58 -07:00
spa_config.c Illumos #2619 and #2747 2013-01-08 10:35:35 -08:00
spa_errlog.c Add linux kernel module support 2010-08-31 13:41:58 -07:00
spa_history.c Switch KM_SLEEP to KM_PUSHPAGE 2012-08-27 12:01:37 -07:00
spa_misc.c Illumos #3090 and #3102 2013-01-08 10:35:42 -08:00
spa.c Illumos #3349: zpool upgrade -V bumps the on disk version number 2013-01-08 10:35:43 -08:00
space_map.c Switch KM_SLEEP to KM_PUSHPAGE 2012-08-27 12:01:37 -07:00
txg.c Illumos #3447 improve the comment in txg.c 2013-01-30 08:55:20 -08:00
uberblock.c Update core ZFS code from build 121 to build 141. 2010-05-28 13:45:14 -07:00
unique.c Switch KM_SLEEP to KM_PUSHPAGE 2012-08-27 12:01:37 -07:00
vdev_cache.c Switch KM_SLEEP to KM_PUSHPAGE 2012-08-27 12:01:37 -07:00
vdev_disk.c call_usermodehelper() should wait for process 2013-01-09 16:54:52 -08:00
vdev_file.c Illumos #1948: zpool list should show more detailed pool info 2012-09-19 13:39:05 -07:00
vdev_label.c Illumos #3090 and #3102 2013-01-08 10:35:42 -08:00
vdev_mirror.c Illumos #1948: zpool list should show more detailed pool info 2012-09-19 13:39:05 -07:00
vdev_missing.c Illumos #1948: zpool list should show more detailed pool info 2012-09-19 13:39:05 -07:00
vdev_queue.c Limit zfs_vdev_aggregation_limit to SPA_MAXBLOCKSIZE 2012-10-15 09:28:43 -07:00
vdev_raidz.c Illumos #1948: zpool list should show more detailed pool info 2012-09-19 13:39:05 -07:00
vdev_root.c Illumos #1948: zpool list should show more detailed pool info 2012-09-19 13:39:05 -07:00
vdev.c Illumos #3090 and #3102 2013-01-08 10:35:42 -08:00
zap_leaf.c Switch KM_SLEEP to KM_PUSHPAGE 2012-09-05 08:44:58 -07:00
zap_micro.c Illumos #2619 and #2747 2013-01-08 10:35:35 -08:00
zap.c fzap_cursor_move_to_key() should drop l_rwlock 2013-01-23 16:31:16 -08:00
zfeature_common.c Illumos #3035 LZ4 compression support in ZFS and GRUB 2013-01-29 09:28:20 -08:00
zfeature.c Illumos #3104: eliminate empty bpobjs 2013-01-08 10:35:43 -08:00
zfs_acl.c Avoid gcc -Werror=maybe-uninitialized warnings 2013-01-28 09:10:29 -08:00
zfs_byteswap.c Add linux kernel module support 2010-08-31 13:41:58 -07:00
zfs_ctldir.c Use dsl_dataset_snap_lookup() 2013-01-25 15:07:40 -08:00
zfs_debug.c Use spl_debug_* helpers 2012-02-09 16:37:48 -08:00
zfs_dir.c Revert "Revert "Fix unlink/xattr deadlock"" 2013-01-17 11:24:20 -08:00
zfs_fm.c Illumos #2671: zpool import should not fail if vdev ashift has increased 2012-11-15 11:05:59 -08:00
zfs_fuid.c Drop HAVE_XVATTR macros 2011-03-02 11:44:34 -08:00
zfs_ioctl.c Illumos #3035 LZ4 compression support in ZFS and GRUB 2013-01-29 09:28:20 -08:00
zfs_log.c Revert "Remove TSD zfs_fsyncer_key" 2012-12-20 09:56:28 -08:00
zfs_onexit.c Add linux kernel device support 2010-08-31 13:41:50 -07:00
zfs_replay.c ZFS replay transaction error 5 2012-09-17 11:06:58 -07:00
zfs_rlock.c Switch KM_SLEEP to KM_PUSHPAGE 2012-12-10 09:44:45 -08:00
zfs_sa.c Revert "Use SA_HDL_PRIVATE for SA xattrs" 2012-08-25 09:25:56 -07:00
zfs_vfsops.c Use sb->s_d_op default dentry operations 2013-01-18 15:04:23 -08:00
zfs_vnops.c Revert "Remove TSD zfs_fsyncer_key" 2012-12-20 09:56:28 -08:00
zfs_znode.c Fix 'zfs rollback' on mounted file systems 2013-01-17 09:51:20 -08:00
zil.c Illumos #3086: unnecessarily setting DS_FLAG_INCONSISTENT on async 2013-01-08 10:35:43 -08:00
zio_checksum.c Update core ZFS code from build 121 to build 141. 2010-05-28 13:45:14 -07:00
zio_compress.c Illumos #3035 LZ4 compression support in ZFS and GRUB 2013-01-29 09:28:20 -08:00
zio_inject.c Add missing ZFS tunables 2011-05-04 10:02:37 -07:00
zio.c Illumos #3035 LZ4 compression support in ZFS and GRUB 2013-01-29 09:28:20 -08:00
zle.c Update core ZFS code from build 121 to build 141. 2010-05-28 13:45:14 -07:00
zpl_ctldir.c Add d_clear_d_op() compatibility 2013-01-23 16:33:29 -08:00
zpl_export.c Implement .commit_metadata hook for NFS export 2012-10-03 10:49:45 -07:00
zpl_file.c Annotate KM_PUSHPAGE call paths with PF_NOFS 2012-08-27 12:01:37 -07:00
zpl_inode.c Fix zpl_revalidate() NULL deref 2013-01-22 09:38:17 -08:00
zpl_super.c Update SAs when an inode is dirtied 2012-12-14 12:18:54 -08:00
zpl_xattr.c Add missing NULL in zpl_xattr_handlers 2012-03-15 15:18:29 -07:00
zrlock.c Export ZFS symbols needed by Lustre. 2010-09-17 16:24:15 -07:00
zvol.c Fix zpool on zvol deadlock 2013-01-18 09:44:55 -08:00