Illumos #1661: Fix flaw in sa_find_sizes() calculation

When calculating space needed for SA_BONUS buffers, hdrsize is
always rounded up to next 8-aligned boundary. However, in two places
the round up was done against sum of 'total' plus hdrsize. On the
other hand, hdrsize increments by 4 each time, which means in certain
conditions, we would end up returning with will_spill == 0 and
(total + hdrsize) larger than full_space, leading to a failed
assertion because it's invalid for dmu_set_bonus.

Reviewed by: Matthew Ahrens <matt@delphix.com>
Reviewed by: Dan McDonald <danmcd@nexenta.com>
Approved by: Gordon Ross <gwr@nexenta.com>

References to Illumos issue:
  https://www.illumos.org/issues/1661

Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #426

diff --git a/module/zfs/sa.c b/module/zfs/sa.c
index 8acbb0cbb66d52b8a2d9342faf518e49604e26a0..4278ed7e4e509bc22a9b1e475632301bdd066c81 100644 (file)
--- a/module/zfs/sa.c
+++ b/module/zfs/sa.c
@@ -607,14 +607,14 @@ sa_find_sizes(sa_os_t *sa, sa_bulk_attr_t *attr_desc, int attr_count,
                 * and spill buffer.
                 */
                if (buftype == SA_BONUS && *index == -1 &&
-                   P2ROUNDUP(*total + hdrsize, 8) >
+                   (*total + P2ROUNDUP(hdrsize, 8)) >
                    (full_space - sizeof (blkptr_t))) {
                        *index = i;
                        done = B_TRUE;
                }
 
 next:
-               if (P2ROUNDUP(*total + hdrsize, 8) > full_space &&
+               if ((*total + P2ROUNDUP(hdrsize, 8)) > full_space &&
                    buftype == SA_BONUS)
                        *will_spill = B_TRUE;
        }