From: George Wilson <george.wilson@delphix.com>
Date: Tue, 3 Sep 2019 02:17:51 +0000 (-0400)
Subject: maxinflight can overflow in spa_load_verify_cb()
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1e52716257877dbd97373cc8ca239315eaee2984;p=zfs

maxinflight can overflow in spa_load_verify_cb()

When running on larger memory systems, we can overflow the value of
maxinflight. This can result in maxinflight having a value of 0 causing
the system to hang.

Reviewed-by: Igor Kozhukhov <igor@dilos.org>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: George Wilson <george.wilson@delphix.com>
Closes #9272
---

diff --git a/module/zfs/spa.c b/module/zfs/spa.c
index f4a6f3f45..d885c20c9 100644
--- a/module/zfs/spa.c
+++ b/module/zfs/spa.c
@@ -2229,7 +2229,8 @@ spa_load_verify_cb(spa_t *spa, zilog_t *zilog, const blkptr_t *bp,
 	if (!BP_IS_METADATA(bp) && !spa_load_verify_data)
 		return (0);
 
-	int maxinflight_bytes = arc_target_bytes() >> spa_load_verify_shift;
+	uint64_t maxinflight_bytes =
+	    arc_target_bytes() >> spa_load_verify_shift;
 	zio_t *rio = arg;
 	size_t size = BP_GET_PSIZE(bp);