From b0cf0676c0beb5dcb149774a3264580a18304ac1 Mon Sep 17 00:00:00 2001 From: Tim Chase Date: Sat, 18 Oct 2014 22:50:01 -0500 Subject: [PATCH] Fix removal of SA in sa_modify_attrs() The sa_modify_attrs() function can add, remove or replace an SA. The main loop in the function uses the index "i" to iterate over the existing SAs and uses the index "j" for writing them into a new buffer via SA_ADD_BULK_ATTR(). The write index, "j" is incremented on remove (SA_REMOVE) operations which leads to a corruption in the new SA buffer. This patch remove the increment for SA_REMOVE operations. Signed-off-by: Brian Behlendorf Signed-off-by: Tim Chase Signed-off-by: Ned Bass Closes #3028 --- module/zfs/sa.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/module/zfs/sa.c b/module/zfs/sa.c index 1263d37ab..25b4da9f8 100644 --- a/module/zfs/sa.c +++ b/module/zfs/sa.c @@ -1730,10 +1730,8 @@ sa_modify_attrs(sa_handle_t *hdl, sa_attr_type_t newattr, if (attr == newattr) { if (length == 0) ++length_idx; - if (action == SA_REMOVE) { - j++; + if (action == SA_REMOVE) continue; - } ASSERT(length == 0); ASSERT(action == SA_REPLACE); SA_ADD_BULK_ATTR(attr_desc, j, attr,