mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2024-11-18 18:31:00 +03:00
8415c3c170
Callers of zfs_file_get and zfs_file_put can corrupt the reference counts for the file structure resulting in a panic or a soft lockup. When zfs send/recv runs, it will add a reference count to the open file, and begin to send or recv the stream. If the file descriptor is closed, then when dmu_recv_stream() or dmu_send() return we will call zfs_file_put to remove the reference we placed on the file structure. Unfortunately, because zfs_file_put() uses the file descriptor to lookup the file structure, it may end up finding that the file descriptor table no longer contains the file struct, thus leaking the file structure. Or it might end up finding a file descriptor for a different file and blindly updating its reference counts. Other failure modes probably exists. This change reworks the zfs_file_[get|put] interface to not rely on the file descriptor but instead pass the zfs_file_t pointer around. Reviewed-by: Matthew Ahrens <mahrens@delphix.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Mark Maybee <mark.maybee@delphix.com> Reviewed-by: Ryan Moeller <ryan@iXsystems.com> Co-authored-by: Allan Jude <allan@klarasystems.com> Signed-off-by: George Wilson <gwilson@delphix.com> External-issue: DLPX-76119 Closes #12299 |
||
|---|---|---|
| .. | ||
| abd_os.c | ||
| arc_os.c | ||
| Makefile.in | ||
| mmp_os.c | ||
| policy.c | ||
| qat_compress.c | ||
| qat_crypt.c | ||
| qat.c | ||
| spa_misc_os.c | ||
| trace.c | ||
| vdev_disk.c | ||
| vdev_file.c | ||
| zfs_acl.c | ||
| zfs_ctldir.c | ||
| zfs_debug.c | ||
| zfs_dir.c | ||
| zfs_file_os.c | ||
| zfs_ioctl_os.c | ||
| zfs_racct.c | ||
| zfs_sysfs.c | ||
| zfs_uio.c | ||
| zfs_vfsops.c | ||
| zfs_vnops_os.c | ||
| zfs_znode.c | ||
| zio_crypt.c | ||
| zpl_ctldir.c | ||
| zpl_export.c | ||
| zpl_file.c | ||
| zpl_inode.c | ||
| zpl_super.c | ||
| zpl_xattr.c | ||
| zvol_os.c | ||