Project

General

Profile

Bug #5870

dmu_recv_end_check() leaks origin_head hold if error happens in drc_force branch

Added by Andriy Gapon over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
High
Assignee:
-
Category:
zfs - Zettabyte File System
Start date:
2015-04-24
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
needs-triage

Description

In the `!drc_newfs` branch of `dmu_recv_end_check()` we first take a hold on `drc_tofs` (as origin_head).
If the `drc_force` branch is entered and there is any error in it, then we return from `dmu_recv_end_check()` without releasing the origin_head hold.
This can happen if the dataset has a newer snapshot that has to be destroyed, but the snapshot is user-held or it is an origin for a cloned filesystem.
In those cases `dsl_destroy_snapshot_check_impl` would return an error. After that a snapshot hold is released, but the dataset hold is not released.

History

#1

Updated by Andriy Gapon over 4 years ago

In the !drc_newfs branch of dmu_recv_end_check() we first take a hold on drc_tofs (as origin_head).
If the drc_force branch is entered and there is any error in it, then we return from dmu_recv_end_check() without releasing the origin_head hold.
This can happen if the dataset has a newer snapshot that has to be destroyed, but the snapshot is user-held or it is an origin for a cloned filesystem.
In those cases dsl_destroy_snapshot_check_impl would return an error. After that a snapshot hold is released, but the dataset hold is not released.

#3

Updated by Electric Monk over 4 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit beddaa9ce797b9deaafc22b4f156d23f9b45c32d

commit  beddaa9ce797b9deaafc22b4f156d23f9b45c32d
Author: Andriy Gapon <avg@freebsd.org>
Date:   2015-05-27T14:27:43.000Z

    5870 dmu_recv_end_check() leaks origin_head hold if error happens in drc_force branch
    Reviewed by: Matthew Ahrens <mahrens@delphix.com>
    Reviewed by: Andrew Stormont <andyjstormont@gmail.com>
    Approved by: Dan McDonald <danmcd@omniti.com>

Also available in: Atom PDF