Overflowing refreservation is bad

Someone came to me and pointed out that you could pretty readily cause the refreservation calculation to exceed 2**64, given the 2**17 multiplier in it, and produce refreservations wildly less than the actual volsize in cases where it should have failed. Signed-off-by: Rich Ercolani <[email protected]>
rincebrain · Mar 14, 2024 · 055bde4 · 055bde4
1 parent 8f2f6cd
commit 055bde4
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/lib/libzfs/libzfs_dataset.c b/lib/libzfs/libzfs_dataset.c
@@ -5566,7 +5566,16 @@ volsize_from_vdevs(zpool_handle_t *zhp, uint64_t nblocks, uint64_t blksize)
 		 * Scale this size down as a ratio of 128k / tsize.
 		 * See theory statement above.
 		 */
-		volsize = nblocks * asize * SPA_OLD_MAXBLOCKSIZE / tsize;
+		volsize = (nblocks * asize) / tsize;
+		/*
+		 * If we would blow UINT64_MAX with this next multiplication,
+		 * don't.
+		 */
+		if (volsize > (UINT64_MAX / SPA_OLD_MAXBLOCKSIZE))
+			volsize = UINT64_MAX;
+		else
+			volsize *= SPA_OLD_MAXBLOCKSIZE;
+
 		if (volsize > ret) {
 			ret = volsize;
 		}