From d10b2f1d35b76efc22c006ba9ca172681da301e7 Mon Sep 17 00:00:00 2001 From: Jorgen Lundman Date: Tue, 19 Mar 2019 12:34:30 +0900 Subject: Mutex leak in dsl_dataset_hold_obj() In addition to dsl_dataset_evict_async() releasing a hold, there is an error case in dsl_dataset_hold_obj() which had missed 4 additional release calls. This was introduced in a1d477c24. openzfsonosx-commit: https://github.com/openzfsonosx/zfs/commit/63ff7f1c Authored by: Jorgen Lundman Reviewed-by: Olaf Faaland Reviewed by: Brian Behlendorf Ported-by: Brian Behlendorf Closes #8517 --- module/zfs/dsl_dataset.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/module/zfs/dsl_dataset.c b/module/zfs/dsl_dataset.c index 086750fed..966c2cc93 100644 --- a/module/zfs/dsl_dataset.c +++ b/module/zfs/dsl_dataset.c @@ -650,10 +650,14 @@ dsl_dataset_hold_obj(dsl_pool_t *dp, uint64_t dsobj, void *tag, if (ds->ds_prev) dsl_dataset_rele(ds->ds_prev, ds); dsl_dir_rele(ds->ds_dir, ds); + list_destroy(&ds->ds_prop_cbs); + list_destroy(&ds->ds_sendstreams); mutex_destroy(&ds->ds_lock); mutex_destroy(&ds->ds_opening_lock); mutex_destroy(&ds->ds_sendstream_lock); + mutex_destroy(&ds->ds_remap_deadlist_lock); zfs_refcount_destroy(&ds->ds_longholds); + rrw_destroy(&ds->ds_bp_rwlock); kmem_free(ds, sizeof (dsl_dataset_t)); if (err != 0) { dmu_buf_rele(dbuf, tag); -- cgit v1.2.3