Bug #5870
closeddmu_recv_end_check() leaks origin_head hold if error happens in drc_force branch
100%
Description
In the `!drc_newfs` branch of `dmu_recv_end_check()` we first take a hold on `drc_tofs` (as origin_head).
If the `drc_force` branch is entered and there is any error in it, then we return from `dmu_recv_end_check()` without releasing the origin_head hold.
This can happen if the dataset has a newer snapshot that has to be destroyed, but the snapshot is user-held or it is an origin for a cloned filesystem.
In those cases `dsl_destroy_snapshot_check_impl` would return an error. After that a snapshot hold is released, but the dataset hold is not released.
Updated by Andriy Gapon about 7 years ago
In the !drc_newfs
branch of dmu_recv_end_check()
we first take a hold on drc_tofs
(as origin_head
).
If the drc_force
branch is entered and there is any error in it, then we return from dmu_recv_end_check()
without releasing the origin_head
hold.
This can happen if the dataset has a newer snapshot that has to be destroyed, but the snapshot is user-held or it is an origin for a cloned filesystem.
In those cases dsl_destroy_snapshot_check_impl
would return an error. After that a snapshot hold is released, but the dataset hold is not released.
Updated by Electric Monk almost 7 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
git commit beddaa9ce797b9deaafc22b4f156d23f9b45c32d
commit beddaa9ce797b9deaafc22b4f156d23f9b45c32d Author: Andriy Gapon <avg@freebsd.org> Date: 2015-05-27T14:27:43.000Z 5870 dmu_recv_end_check() leaks origin_head hold if error happens in drc_force branch Reviewed by: Matthew Ahrens <mahrens@delphix.com> Reviewed by: Andrew Stormont <andyjstormont@gmail.com> Approved by: Dan McDonald <danmcd@omniti.com>