From 249d759caf816eaadd1b4ff3ca22f438a8c25c36 Mon Sep 17 00:00:00 2001
From: Chunwei Chen
Date: Mon, 2 Oct 2023 16:58:01 -0700
Subject: [PATCH] Fix invalid pointer access in trace_dbuf.h
In dnode_destroy, dn_objset is invalidated. However, it will later call into dbuf_destroy, in which DTRACE_SET_STATE will try to access spa_name via dn_objset causing illegal pointer access.
Reviewed-by: Brian Atkinson
Reviewed-by: Brian Behlendorf
Signed-off-by: Chunwei Chen
Closes #15333
---
 include/os/linux/zfs/sys/trace_dbuf.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/include/os/linux/zfs/sys/trace_dbuf.h b/include/os/linux/zfs/sys/trace_dbuf.h
index 11d25be35b..0f6a98b47d 100644
--- a/include/os/linux/zfs/sys/trace_dbuf.h
+++ b/include/os/linux/zfs/sys/trace_dbuf.h
@@ -60,8 +60,12 @@
 #define DBUF_TP_FAST_ASSIGN \
 if (db != NULL) { \
- __assign_str(os_spa, \
- spa_name(DB_DNODE(db)->dn_objset->os_spa)); \
+ if (POINTER_IS_VALID(DB_DNODE(db)->dn_objset)) { \
+ __assign_str(os_spa, \
+ spa_name(DB_DNODE(db)->dn_objset->os_spa)); \
+ } else { \
+ __assign_str(os_spa, "NULL"); \
+ } \
 \
 __entry->ds_object = db->db_objset->os_dsl_dataset ? \
 db->db_objset->os_dsl_dataset->ds_object : 0; \
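Review bot: The guard added around `__assign_str(os_spa, ...)` in DBUF_TP_FAST_ASSIGN carries no comment saying why a tracepoint has to tolerate an invalidated `dn_objset`, and the fallback records the string "NULL" for a pointer that is tagged invalid rather than null. A line such as `/* dnode_destroy() invalidates dn_objset before dbuf_destroy() fires this tracepoint */` above the inner `if` would keep the check from being dropped as dead code later. If `POINTER_IS_VALID` only tests the low tag bits (confirm against its definition, which is not in this hunk), a genuinely NULL `dn_objset` would pass the guard and still reach `->os_spa`; `DB_DNODE(db)->dn_objset != NULL && POINTER_IS_VALID(DB_DNODE(db)->dn_objset)` would cover both cases. The macro body continues past the end of the hunk.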