Bug #8378
crash due to bp in-memory modification of nopwrite block
| Status: | New | Start date: | 2017-06-12 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Serapheim Dimitropoulos | % Done: | 0% | |
| Category: | zfs - Zettabyte File System | |||
| Target version: | - | |||
| Difficulty: | Medium | Tags: | needs-triage |
Description
The problem is that zfs_get_data() supplies a stale zgd_bp to dmu_sync(), which we then nopwrite against.
zfs_get_data() doesn't hold any DMU-related locks, so after it copies db_blkptr to zgd_bp, dbuf_write_ready()
could change db_blkptr, and dbuf_write_done() could remove the dirty record. dmu_sync() then sees the stale
BP and that the dbuf it not dirty, so it is eligible for nop-writing.
The fix is for dmu_sync() to copy db_blkptr to zgd_bp after acquiring the db_mtx. We could still see a stale
db_blkptr, but if it is stale then the dirty record will still exist and thus we won't attempt to nopwrite.
Also available in: Atom