diff options
author | Brian Behlendorf <[email protected]> | 2012-09-12 11:16:08 -0700 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2012-09-12 14:22:52 -0700 |
commit | 5915791096e6b5be0bad7d2e3f683b4e7908cf19 (patch) | |
tree | 15cd0d60bfcb4db298a2ec69e46461ead2ec1b96 /module | |
parent | cda4db408c28a29438ba702e2018bd0d5dd0cc03 (diff) |
Move iput() after zfs_inode_update()
When replaying an unlink/remove operation via zfs_rmdir() the object
being removed will be instantiated by a call to zfs_dirent_lock().
This means that there is a single reference protecting the object.
Right before the call to zfs_inode_update() this reference is dropped
which may cause the object to be destroyed. This will result in a
NULL dereference as shown by the stack trace is issue #782.
This likely isn't an issue during normal operation because there is
always an additional reference held on the object by the VFS.
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #782
Diffstat (limited to 'module')
-rw-r--r-- | module/zfs/zfs_vnops.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/module/zfs/zfs_vnops.c b/module/zfs/zfs_vnops.c index 75614340f..300330231 100644 --- a/module/zfs/zfs_vnops.c +++ b/module/zfs/zfs_vnops.c @@ -1900,13 +1900,13 @@ top: out: zfs_dirent_unlock(dl); + zfs_inode_update(dzp); + zfs_inode_update(zp); iput(ip); if (zsb->z_os->os_sync == ZFS_SYNC_ALWAYS) zil_commit(zilog, 0); - zfs_inode_update(dzp); - zfs_inode_update(zp); ZFS_EXIT(zsb); return (error); } |