Date: Thu, 27 Feb 2020 14:48:12 +0000 (UTC) From: Andriy Gapon <avg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r358383 - stable/12/stand/libsa/zfs Message-ID: <202002271448.01REmCaA060891@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: avg Date: Thu Feb 27 14:48:12 2020 New Revision: 358383 URL: https://svnweb.freebsd.org/changeset/base/358383 Log: MFC r355736: zfs boot: fix a crash in a rarely taken path in fzap_lookup Instead of passing NULL to fzap_name_equal and crashing, just return ENOENT. This happened when higher bits of a hash of the searched key (its hash prefix) matched a hash prefix of some key in the ZAP, but the full hash value of the searched key did not match any key in the ZAP. I observerved this problem when loader tried to look up "features_for_read" in a particular old pool that predates pool features. Sponsored by: Panzura Modified: stable/12/stand/libsa/zfs/zfsimpl.c Directory Properties: stable/12/ (props changed) Modified: stable/12/stand/libsa/zfs/zfsimpl.c ============================================================================== --- stable/12/stand/libsa/zfs/zfsimpl.c Thu Feb 27 14:27:42 2020 (r358382) +++ stable/12/stand/libsa/zfs/zfsimpl.c Thu Feb 27 14:48:12 2020 (r358383) @@ -2515,10 +2515,8 @@ fzap_lookup(const spa_t *spa, const dnode_phys_t *dnod return (ENOENT); zc = &ZAP_LEAF_CHUNK(&zl, h); while (zc->l_entry.le_hash != hash) { - if (zc->l_entry.le_next == 0xffff) { - zc = NULL; - break; - } + if (zc->l_entry.le_next == 0xffff) + return (ENOENT); zc = &ZAP_LEAF_CHUNK(&zl, zc->l_entry.le_next); } if (fzap_name_equal(&zl, zc, name)) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202002271448.01REmCaA060891>