mirror_zfs

mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2026-05-24 03:08:51 +03:00

Files

T

Gality b8addf9221 dmu_direct: avoid UAF in dmu_write_direct_done()

dmu_write_direct_done() passes dmu_sync_arg_t to
dmu_sync_done(), which updates the override state and
frees the completion context. The Direct I/O error path
then still dereferences dsa->dsa_tx while rolling the
dirty record back with dbuf_undirty(), resulting in a
use-after-free.

Save dsa->dsa_tx in a local variable before calling
dmu_sync_done() and use that saved tx for the error
rollback. This preserves the existing ownership model
for dsa and does not change the Direct I/O write
semantics.

Reviewed-by: Brian Atkinson <batkinson@lanl.gov>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Co-authored-by: gality369 <gality369@example.com>
Signed-off-by: ZhengYuan Huang <gality369@gmail.com>
Closes #18440

2026-04-27 10:57:52 -07:00

avl

Prefer VERIFY0P(n) over VERIFY(n == NULL)

2025-08-07 11:41:37 -07:00

icp

Fix check for .cfi_negate_ra_state on aarch64

2026-04-23 14:33:00 -07:00

lua

SPDX: license tags: MIT

2025-03-13 17:56:54 -07:00

nvpair

nvpair: chase FreeBSD xdrproc_t definition