Chunwei Chen 061460dfe2 Fix get_zfs_sb race with concurrent umount ...

Certain ioctl operations will call get_zfs_sb, which will holds an active
count on sb without checking whether it's active or not. This will result
in use-after-free. We fix this by using atomic_inc_not_zero to make sure
we got an active sb.

P1                                          P2
---                                         ---
deactivate_locked_super(): s_active = 0
                                            zfs_sb_hold()
                                            ->get_zfs_sb(): s_active = 1
->zpl_kill_sb()
-->zpl_put_super()
--->zfs_umount()
---->zfs_sb_free(zsb)
                                            zfs_sb_rele(zsb)

Signed-off-by: Chunwei Chen <david.chen@osnexus.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>

2016-07-12 13:34:14 -07:00

..

avl

Support parallel build trees (VPATH builds)

2015-07-17 13:42:51 -07:00

nvpair

Support parallel build trees (VPATH builds)

2015-07-17 13:42:51 -07:00

unicode

Support parallel build trees (VPATH builds)

2015-07-17 13:42:51 -07:00

zcommon

Vectorized fletcher_4 must be 128-bit aligned

2016-06-29 11:22:22 -07:00

zfs

Fix get_zfs_sb race with concurrent umount

2016-07-12 13:34:14 -07:00

zpios

Add large block support to zpios(1) benchmark

2015-09-22 09:13:20 -07:00

.gitignore

module/.gitignore: Add *.dwo (#4580)

2016-05-02 09:07:04 -07:00

Makefile.in

Prevent rm modules.* when make install

2015-12-02 14:39:12 -08:00