summaryrefslogtreecommitdiffstats
path: root/module
diff options
context:
space:
mode:
authorDeHackEd <[email protected]>2017-11-17 18:11:39 -0500
committerBrian Behlendorf <[email protected]>2017-11-17 15:11:39 -0800
commitda5d4697a84f0baf7d8fb9dbdf2e1312a370c075 (patch)
tree9de45c9631a42e63cdd59073ded719025a49d59e /module
parentd4a72f23863382bdf6d0ae33196f5b5decbc48fd (diff)
Fix ARC pointer overrun
Only access the `b_crypt_hdr` field of an ARC header if the content is encrypted. Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Tom Caputi <[email protected]> Reviewed-by: George Melikov <[email protected]> Reviewed-by: Giuseppe Di Natale <[email protected]> Signed-off-by: DHE <[email protected]> Closes #6877
Diffstat (limited to 'module')
-rw-r--r--module/zfs/arc.c20
1 files changed, 11 insertions, 9 deletions
diff --git a/module/zfs/arc.c b/module/zfs/arc.c
index 698357632..10b1c60d5 100644
--- a/module/zfs/arc.c
+++ b/module/zfs/arc.c
@@ -3155,17 +3155,19 @@ arc_buf_destroy_impl(arc_buf_t *buf)
ASSERT(hdr->b_l1hdr.b_bufcnt > 0);
hdr->b_l1hdr.b_bufcnt -= 1;
- if (ARC_BUF_ENCRYPTED(buf))
+ if (ARC_BUF_ENCRYPTED(buf)) {
hdr->b_crypt_hdr.b_ebufcnt -= 1;
- /*
- * If we have no more encrypted buffers and we've already
- * gotten a copy of the decrypted data we can free b_rabd to
- * save some space.
- */
- if (hdr->b_crypt_hdr.b_ebufcnt == 0 && HDR_HAS_RABD(hdr) &&
- hdr->b_l1hdr.b_pabd != NULL && !HDR_IO_IN_PROGRESS(hdr)) {
- arc_hdr_free_abd(hdr, B_TRUE);
+ /*
+ * If we have no more encrypted buffers and we've
+ * already gotten a copy of the decrypted data we can
+ * free b_rabd to save some space.
+ */
+ if (hdr->b_crypt_hdr.b_ebufcnt == 0 &&
+ HDR_HAS_RABD(hdr) && hdr->b_l1hdr.b_pabd != NULL &&
+ !HDR_IO_IN_PROGRESS(hdr)) {
+ arc_hdr_free_abd(hdr, B_TRUE);
+ }
}
}