c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2025-10-26 18:05:04 +03:00
Code Issues Packages Projects Releases Wiki Activity

Move iput() after zfs_inode_update()

Browse Source 
When replaying an unlink/remove operation via zfs_rmdir() the object
being removed will be instantiated by a call to zfs_dirent_lock().
This means that there is a single reference protecting the object.
Right before the call to zfs_inode_update() this reference is dropped
which may cause the object to be destroyed.  This will result in a
NULL dereference as shown by the stack trace is issue #782.

This likely isn't an issue during normal operation because there is
always an additional reference held on the object by the VFS.

Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #782
This commit is contained in:
Brian Behlendorf 2012-09-12 11:16:08 -07:00
parent cda4db408c
commit 5915791096
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
module/zfs/zfs_vnops.c
View File

@ -1900,13 +1900,13 @@ top:
out: out:
zfs_dirent_unlock(dl); zfs_dirent_unlock(dl);
zfs_inode_update(dzp);
zfs_inode_update(zp);
iput(ip); iput(ip);
if (zsb->z_os->os_sync == ZFS_SYNC_ALWAYS) if (zsb->z_os->os_sync == ZFS_SYNC_ALWAYS)
zil_commit(zilog, 0); zil_commit(zilog, 0);
zfs_inode_update(dzp);
zfs_inode_update(zp);
ZFS_EXIT(zsb); ZFS_EXIT(zsb);
return (error); return (error);
} }