diff options
author | Brian Behlendorf <[email protected]> | 2017-08-08 08:38:53 -0700 |
---|---|---|
committer | Tony Hutter <[email protected]> | 2017-08-08 10:17:33 -0700 |
commit | 751941e24856a2d451a5281f0502862c2198b411 (patch) | |
tree | 379c0c8cf445d34e83a8f495869a0ce689a0a254 /rpm | |
parent | ef605a5517ba1ef24c4750ca8912e5a52f4360b3 (diff) |
Fix dnode allocation race
When performing concurrent object allocations using the new
multi-threaded allocator and large dnodes it's possible to
allocate overlapping large dnodes.
This case should have been handled by detecting an error
returned by dnode_hold_impl(). But that logic only checked
the returned dnp was not-NULL, and the dnp variable was not
reset to NULL when retrying. Resolve this issue by properly
checking the return value of dnode_hold_impl().
Additionally, it was possible that dnode_hold_impl() would
misreport a dnode as free when it was in fact in use. This
could occurs for two reasons:
* The per-slot zrl_lock must be held over the entire critical
section which includes the alloc/free until the new dnode
is assigned to children_dnodes. Additionally, all of the
zrl_lock's in the range must be held to protect moving
dnodes.
* The dn->dn_ot_type cannot be solely relied upon to check
the type. When allocating a new dnode its type will be
DMU_OT_NONE after dnode_create(). Only latter when
dnode_allocate() is called will it transition to the new
type. This means there's a window when allocating where
it can mistaken for a free dnode.
Reviewed-by: Giuseppe Di Natale <[email protected]>
Reviewed-by: Ned Bass <[email protected]>
Reviewed-by: Tony Hutter <[email protected]>
Reviewed-by: Olaf Faaland <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #6414
Closes #6439
Diffstat (limited to 'rpm')
0 files changed, 0 insertions, 0 deletions