mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2024-12-26 03:09:34 +03:00
Move iput() after zfs_inode_update()
When replaying an unlink/remove operation via zfs_rmdir() the object being removed will be instantiated by a call to zfs_dirent_lock(). This means that there is a single reference protecting the object. Right before the call to zfs_inode_update() this reference is dropped which may cause the object to be destroyed. This will result in a NULL dereference as shown by the stack trace is issue #782. This likely isn't an issue during normal operation because there is always an additional reference held on the object by the VFS. Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Closes #782
This commit is contained in:
parent
cda4db408c
commit
5915791096
@ -1900,13 +1900,13 @@ top:
|
|||||||
out:
|
out:
|
||||||
zfs_dirent_unlock(dl);
|
zfs_dirent_unlock(dl);
|
||||||
|
|
||||||
|
zfs_inode_update(dzp);
|
||||||
|
zfs_inode_update(zp);
|
||||||
iput(ip);
|
iput(ip);
|
||||||
|
|
||||||
if (zsb->z_os->os_sync == ZFS_SYNC_ALWAYS)
|
if (zsb->z_os->os_sync == ZFS_SYNC_ALWAYS)
|
||||||
zil_commit(zilog, 0);
|
zil_commit(zilog, 0);
|
||||||
|
|
||||||
zfs_inode_update(dzp);
|
|
||||||
zfs_inode_update(zp);
|
|
||||||
ZFS_EXIT(zsb);
|
ZFS_EXIT(zsb);
|
||||||
return (error);
|
return (error);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user