Project

General

Profile

Bug #7256

low probability race in zfs_get_data

Added by Andriy Gapon about 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Low
Assignee:
-
Category:
zfs - Zettabyte File System
Start date:
2016-08-02
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage

Description

                       error = dmu_sync(zio, lr->lr_common.lrc_txg,
                            zfs_get_done, zgd);
                       ASSERT(error || lr->lr_length <= zp->z_blksz);

It's possible, although extremely rare, that the zfs_get_done() callback is executed before dmu_sync() returns.
In that case the znode's range lock is dropped and the znode is unreferenced.
Thus, the assertion can access some invalid or wrong data via the zp pointer.

size variable caches the correct value of z_blksz and can be safely used here.

History

#1

Updated by Electric Monk over 2 years ago

  • % Done changed from 0 to 100
  • Status changed from New to Closed

git commit 0c94e1af6784c69a1dea25e0e35dd13b2b91e2e5

commit  0c94e1af6784c69a1dea25e0e35dd13b2b91e2e5
Author: Andriy Gapon <andriy.gapon@clusterhq.com>
Date:   2016-12-21T19:01:59.000Z

    7256 low probability race in zfs_get_data
    Reviewed by: Matt Ahrens <mahrens@delphix.com>
    Reviewed by: Pavel Zakharov <pavel.zakharov@delphix.com>
    Approved by: Dan McDonald <danmcd@omniti.com>

Also available in: Atom PDF