From b9ec4a15e5ab40e6c32dd445ecebcd3a3fed1ef9 Mon Sep 17 00:00:00 2001 From: Brian Behlendorf Date: Thu, 9 Sep 2021 18:02:07 -0700 Subject: [PATCH] Verify embedded blkptr's in arc_read() The block pointer verification check in arc_read() should also cover embedded block pointers. While highly unlikely, accessing a damaged block pointer can result in panic. To further harden the code extend the existing check to include embedded block pointers and add a comment explaining the rational for this sanity check. Lastly, correct a flaw in zfs_blkptr_verify() so the error count is checked even when checking a untrusted config to verify the non-pool-specific portions of a block pointer. Reviewed-by: Matthew Ahrens Reviewed-by: Tony Nguyen Signed-off-by: Brian Behlendorf Closes #12535 --- module/zfs/arc.c | 19 +++++++++++++------ module/zfs/zio.c | 2 +- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/module/zfs/arc.c b/module/zfs/arc.c index 7697c53918..6acd363134 100644 --- a/module/zfs/arc.c +++ b/module/zfs/arc.c @@ -5911,17 +5911,24 @@ arc_read(zio_t *pio, spa_t *spa, const blkptr_t *bp, */ fstrans_cookie_t cookie = spl_fstrans_mark(); top: + /* + * Verify the block pointer contents are reasonable. This should + * always be the case since the blkptr is protected by a checksum. + * However, if there is damage it's desirable to detect this early + * and treat it as a checksum error. This allows an alternate blkptr + * to be tried when one is available (e.g. ditto blocks). + */ + if (!zfs_blkptr_verify(spa, bp, zio_flags & ZIO_FLAG_CONFIG_WRITER, + BLK_VERIFY_LOG)) { + rc = SET_ERROR(ECKSUM); + goto out; + } + if (!embedded_bp) { /* * Embedded BP's have no DVA and require no I/O to "read". * Create an anonymous arc buf to back it. */ - if (!zfs_blkptr_verify(spa, bp, zio_flags & - ZIO_FLAG_CONFIG_WRITER, BLK_VERIFY_LOG)) { - rc = SET_ERROR(ECKSUM); - goto out; - } - hdr = buf_hash_find(guid, bp, &hash_lock); } diff --git a/module/zfs/zio.c b/module/zfs/zio.c index 85e05ee6af..c016fa323b 100644 --- a/module/zfs/zio.c +++ b/module/zfs/zio.c @@ -1006,7 +1006,7 @@ zfs_blkptr_verify(spa_t *spa, const blkptr_t *bp, boolean_t config_held, * will be done once the zio is executed in vdev_mirror_map_alloc. */ if (!spa->spa_trust_config) - return (B_TRUE); + return (errors == 0); if (!config_held) spa_config_enter(spa, SCL_VDEV, bp, RW_READER);