mirror_zfs/module
Ameer Hamza 36e4f18883
Fix taskq NULL pointer dereference on timer race
Remove unsafe timer_pending() check in taskq_cancel_id() that created a
race where:
- Timer expires and timer_pending() returns FALSE
- task_done() frees task with tqent_func = NULL
- Timer callback executes and queues freed task
- Worker thread crashes executing NULL function

Always call timer_delete_sync() unconditionally to ensure timer callback
completes before task is freed.

Reliably reproducible by injecting mdelay(10) after setting CANCEL flag
to widen the race window, combined with frequent task cancellations
(e.g., snapshot automount expiry).

Reviewed-by: Alexander Motin <alexander.motin@TrueNAS.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ameer Hamza <ahamza@ixsystems.com>
Closes #17942
2025-11-19 08:21:10 -08:00
avl Prefer VERIFY0P(n) over VERIFY(n == NULL) 2025-08-07 11:41:37 -07:00
icp icp: remove global icp includes 2025-11-12 10:03:51 -08:00
lua SPDX: license tags: MIT 2025-03-13 17:56:54 -07:00
nvpair Prefer VERIFY0P(n) over VERIFY3P(n, ==, NULL) 2025-08-07 11:41:42 -07:00
os Fix taskq NULL pointer dereference on timer race 2025-11-19 08:21:10 -08:00
unicode SPDX: license tags: CDDL-1.0 2025-03-13 17:56:27 -07:00
zcommon Add knob to disable slow io notifications 2025-11-11 10:42:17 -08:00
zfs libspl: move SID definitions from zfs_context.h; remove kernel gate 2025-11-12 10:01:48 -08:00
zstd zstd: disable intrinsics 2025-11-07 10:01:12 -08:00
.gitignore FreeBSD: Ignore symlink to i386 includes 2022-08-02 16:34:23 -07:00
Kbuild.in zstd: disable intrinsics 2025-11-07 10:01:12 -08:00
Makefile.bsd zstd: disable intrinsics 2025-11-07 10:01:12 -08:00
Makefile.in objtool wrapper: use absolute path to call the wrapper 2025-07-14 15:10:02 -07:00