aboutsummaryrefslogtreecommitdiffstats
path: root/include/sys/zfs_znode.h
diff options
context:
space:
mode:
authorMatthew Ahrens <[email protected]>2017-02-09 10:19:12 -0800
committerBrian Behlendorf <[email protected]>2017-02-09 10:19:12 -0800
commitdf7eeccc7597980efd3cb1efd9377ad5e0483042 (patch)
tree019acfbccd405cdc2ee0f41b0ba0fdafd3aeea42 /include/sys/zfs_znode.h
parentb0eac56a4d69c6f2ae7cb1937cf59e05c52e3a60 (diff)
panic in bpobj_space(): null pointer dereference
This is a race condition in the deadlist code. A thread executing an administrative command that uses dsl_deadlist_space_range() holds the lock of the whole deadlist_t to protect the access of all its entries that the deadlist contains in an avl tree. Sync threads trying to insert a new entry in the deadlist (through dsl_deadlist_insert() -> dle_enqueue()) do not hold the deadlist lock at that moment. If the dle_bpobj is the empty bpobj (our sentinel value), we close and reopen it. Between these two operations, it is possible for the dsl_deadlist_space_range() thread to dereference that bpobj which is NULL during that window. Threads should hold the a deadlist's dl_lock when they manipulate its internal data so scenarios like the one above are avoided. Reviewed-by: Matthew Ahrens <[email protected]> Reviewed-by: Dan Kimmel <[email protected]> Reviewed-by: George Melikov <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Signed-off-by: Matthew Ahrens <[email protected]> Closes #5762
Diffstat (limited to 'include/sys/zfs_znode.h')
0 files changed, 0 insertions, 0 deletions