Handle vdev_lookup_top() failure in dva_get_dsize_sync()

The dva_get_dsize_sync() function incorrectly assumes that the call
to vdev_lookup_top() cannot fail.  However, the NULL dereference at
clearly shows that under certain circumstances it is possible.  Note
that offset 0x570 (1376) maps as expected to vd->vdev_deflate_ratio.

  BUG: unable to handle kernel NULL pointer dereference at 00000570

  crash> struct -o vdev
  struct vdev {
       [0] uint64_t vdev_id;
       ... ...
    [1376] uint64_t vdev_deflate_ratio;

Given that this can happen this patch add the required error handling.
In the case where vdev_lookup_top() fails assume that no deflation
will occur for the DVA and use the asize.

Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ned Bass <bass6@llnl.gov>
Signed-off-by: Alexey Zhuravlev <alexey.zhuravlev@intel.com>
Closes #1707
Closes #1987
Closes #1891

Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>

diff --git a/module/zfs/spa_misc.c b/module/zfs/spa_misc.c
index f1e1a7258e7011254cb7ed70ae1dd581dee25cc0..cdbe5a522a194cbec816abf294e8f1a6dd07b61b 100644 (file)
--- a/module/zfs/spa_misc.c
+++ b/module/zfs/spa_misc.c
@@ -1552,7 +1552,9 @@ dva_get_dsize_sync(spa_t *spa, const dva_t *dva)
 
        if (asize != 0 && spa->spa_deflate) {
                vdev_t *vd = vdev_lookup_top(spa, DVA_GET_VDEV(dva));
-               dsize = (asize >> SPA_MINBLOCKSHIFT) * vd->vdev_deflate_ratio;
+               if (vd != NULL)
+                       dsize = (asize >> SPA_MINBLOCKSHIFT) *
+                           vd->vdev_deflate_ratio;
        }
 
        return (dsize);