aboutsummaryrefslogtreecommitdiffstats
path: root/module
diff options
context:
space:
mode:
authorBrian Behlendorf <[email protected]>2012-09-12 11:16:08 -0700
committerBrian Behlendorf <[email protected]>2012-09-12 14:22:52 -0700
commit5915791096e6b5be0bad7d2e3f683b4e7908cf19 (patch)
tree15cd0d60bfcb4db298a2ec69e46461ead2ec1b96 /module
parentcda4db408c28a29438ba702e2018bd0d5dd0cc03 (diff)
Move iput() after zfs_inode_update()
When replaying an unlink/remove operation via zfs_rmdir() the object being removed will be instantiated by a call to zfs_dirent_lock(). This means that there is a single reference protecting the object. Right before the call to zfs_inode_update() this reference is dropped which may cause the object to be destroyed. This will result in a NULL dereference as shown by the stack trace is issue #782. This likely isn't an issue during normal operation because there is always an additional reference held on the object by the VFS. Signed-off-by: Brian Behlendorf <[email protected]> Closes #782
Diffstat (limited to 'module')
-rw-r--r--module/zfs/zfs_vnops.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/module/zfs/zfs_vnops.c b/module/zfs/zfs_vnops.c
index 75614340f..300330231 100644
--- a/module/zfs/zfs_vnops.c
+++ b/module/zfs/zfs_vnops.c
@@ -1900,13 +1900,13 @@ top:
out:
zfs_dirent_unlock(dl);
+ zfs_inode_update(dzp);
+ zfs_inode_update(zp);
iput(ip);
if (zsb->z_os->os_sync == ZFS_SYNC_ALWAYS)
zil_commit(zilog, 0);
- zfs_inode_update(dzp);
- zfs_inode_update(zp);
ZFS_EXIT(zsb);
return (error);
}