Bug #3257

zfs_get_data has unsafe access to znode in debug build

Added by Don Brady about 8 years ago. Updated about 8 years ago.

Status: New
Priority: Normal
Category: zfs - Zettabyte File System
Start date: 2012-10-04
Due date:
% Done: 0%
Estimated time:
Difficulty: Bite-size
Tags: needs-triage
Gerrit CR:

Description

In zfs_vnops.c, in the zfs_get_data() function, there is an unsafe access to a znode after dropping its vnode reference.

error = dmu_sync(zio, lr->lr_common.lrc_txg, zfs_get_done, zgd);
ASSERT(error || lr->lr_length <= zp->z_blksz);

The assertion is referencing zp, but in the zfs_get_done() callback the vnode reference was dropped. Upon return from dmu_sync(), the znode could have already been recycled and changed type (no longer a file!), and the test "lr->lr_length <= zp->z_blksz" could fail!

Found running fstorture against a debug build of zfs.
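
An added example (not illumos code and not part of the report) that models the ordering described above: a completion callback drops the last hold, the object is recycled, and a check that runs afterwards reads the recycled state. The struct, the in-place "recycle" and every function name are simplified, hypothetical stand-ins, the callback is assumed to run before the sync call returns, and the snapshot variant is one possible way to keep the check valid, not the project's fix.

```c
#include <stdio.h>

/* Simplified stand-ins for illustration; not the illumos structures. */
enum ztype { Z_FILE, Z_DIR };
struct znode { enum ztype type; unsigned blksz; int holds; };

/* The slot is reused for a different object once the last hold is gone. */
static void recycle(struct znode *zp) {
    zp->type = Z_DIR;
    zp->blksz = 0;
}

static void rele(struct znode *zp) {
    if (--zp->holds == 0)
        recycle(zp);
}

/* Models zfs_get_done(): drops the hold taken by the caller. */
static void get_done(void *arg) { rele((struct znode *)arg); }

/* Models dmu_sync(): assumed here to run the callback before returning. */
static int sync_model(void (*done)(void *), void *arg) { done(arg); return 0; }

/* Pattern from the report: the check dereferences zp after the hold is gone. */
int check_after_release(struct znode *zp, unsigned lr_length) {
    zp->holds++;
    int error = sync_model(get_done, zp);
    return error || lr_length <= zp->blksz;   /* reads recycled state */
}

/* Alternative: copy the field while the hold is still owned by the caller. */
int check_with_snapshot(struct znode *zp, unsigned lr_length) {
    zp->holds++;
    unsigned blksz = zp->blksz;
    int error = sync_model(get_done, zp);
    return error || lr_length <= blksz;       /* no access to zp after release */
}

int main(void) {
    /* Constructed sample objects: regular files with a 128K block size. */
    struct znode a = { Z_FILE, 131072, 0 }, b = { Z_FILE, 131072, 0 };
    printf("check after release: %d\n", check_after_release(&a, 4096));
    printf("check with snapshot: %d\n", check_with_snapshot(&b, 4096));
    return 0;
}
```

The model recycles the object in place so that the stale read stays well-defined; in a real kernel the same access could touch memory that now belongs to another object.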

#1

Updated by Christopher Siden about 8 years ago

  • Assignee set to Christopher Siden

Looking into getting fstorture working on illumos.
