mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2025-01-27 10:24:22 +03:00
Close possible zfs_znode_held() race
Check if the lock is held while holding the z_hold_locks() lock. This prevents a possible use-after-free bug for callers which are not holding the lock. There currently are no such callers so this can't cause a problem today but it has been fixed regardless. Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Chunwei Chen <tuxoko@gmail.com> Closes #4244 Issue #4124
This commit is contained in:
parent
ae3a373566
commit
37c56346cc
@ -248,17 +248,16 @@ zfs_znode_held(zfs_sb_t *zsb, uint64_t obj)
|
|||||||
{
|
{
|
||||||
znode_hold_t *zh, search;
|
znode_hold_t *zh, search;
|
||||||
int i = ZFS_OBJ_HASH(zsb, obj);
|
int i = ZFS_OBJ_HASH(zsb, obj);
|
||||||
|
boolean_t held;
|
||||||
|
|
||||||
search.zh_obj = obj;
|
search.zh_obj = obj;
|
||||||
|
|
||||||
mutex_enter(&zsb->z_hold_locks[i]);
|
mutex_enter(&zsb->z_hold_locks[i]);
|
||||||
zh = avl_find(&zsb->z_hold_trees[i], &search, NULL);
|
zh = avl_find(&zsb->z_hold_trees[i], &search, NULL);
|
||||||
|
held = (zh && MUTEX_HELD(&zh->zh_lock)) ? B_TRUE : B_FALSE;
|
||||||
mutex_exit(&zsb->z_hold_locks[i]);
|
mutex_exit(&zsb->z_hold_locks[i]);
|
||||||
|
|
||||||
if (zh && MUTEX_HELD(&zh->zh_lock))
|
return (held);
|
||||||
return (B_TRUE);
|
|
||||||
|
|
||||||
return (B_FALSE);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static znode_hold_t *
|
static znode_hold_t *
|
||||||
|
Loading…
Reference in New Issue
Block a user