Bug #8378
crash due to bp in-memory modification of nopwrite block
Start date:
2017-06-12
Due date:
% Done:
100%
Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Description
The problem is that zfs_get_data() supplies a stale zgd_bp to dmu_sync(), which we then nopwrite against.
zfs_get_data() doesn't hold any DMU-related locks, so after it copies db_blkptr to zgd_bp, dbuf_write_ready()
could change db_blkptr, and dbuf_write_done() could remove the dirty record. dmu_sync() then sees the stale
BP and that the dbuf it not dirty, so it is eligible for nop-writing.
The fix is for dmu_sync() to copy db_blkptr to zgd_bp after acquiring the db_mtx. We could still see a stale
db_blkptr, but if it is stale then the dirty record will still exist and thus we won't attempt to nopwrite.
History
Updated by Electric Monk over 2 years ago
Updated by - % Done changed from 0 to 100
- Status changed from New to Closed
git commit b7edcb940884114e61382937505433c4c38c0278
commit b7edcb940884114e61382937505433c4c38c0278
Author: Matthew Ahrens <mahrens@delphix.com>
Date: 2017-06-29T23:10:41.000Z
8378 crash due to bp in-memory modification of nopwrite block
Reviewed by: Prakash Surya <prakash.surya@delphix.com>
Reviewed by: George Wilson <george.wilson@delphix.com>
Approved by: Robert Mustacchi <rm@joyent.com>