From 3253b39fa605a828561817a0a35e9dae05966f15 Mon Sep 17 00:00:00 2001
From: Brian Behlendorf
Date: Tue, 3 Aug 2010 15:56:29 -0700
Subject: [PATCH] Set bpo->bpo_object = 0 on close to allow retry

During spa_load the spl->spa_deferred_bpobj maybe be opened and closed multiple times. It's critical that when the object is closed the bpo->bpo_object is set to zero to indicate the object is closed. If it's not during spl_load_retry the spl->spa_deferred_bpobj can be closes twice resulting in a NULL deref. This appears to have been fixed upstream the same way.
---
 .topdeps | 1 +
 .topmsg | 10 ++++++++++
 module/zfs/bpobj.c | 1 +
 3 files changed, 12 insertions(+)
 create mode 100644 .topdeps
 create mode 100644 .topmsg
diff --git a/.topdeps b/.topdeps
new file mode 100644
index 0000000000..1f7391f92b
--- /dev/null
+++ b/.topdeps
@@ -0,0 +1 @@
+master
diff --git a/.topmsg b/.topmsg
new file mode 100644
index 0000000000..f1958cb115
--- /dev/null
+++ b/.topmsg
@@ -0,0 +1,10 @@
+From: Brian Behlendorf
+Subject: [PATCH] fix bpobj_close
+
+During spa_load the spl->spa_deferred_bpobj maybe be opened and closed
+multiple times. It's critical that when the object is closed the
+bpo->bpo_object is set to zero to indicate the object is closed.
+If it's not during spl_load_retry the spl->spa_deferred_bpobj can
+be closes twice resulting in a NULL deref.
+
+This appears to have been fixed upstream the same way.
diff --git a/module/zfs/bpobj.c b/module/zfs/bpobj.c
index f81c48aca6..54babd86f2 100644
--- a/module/zfs/bpobj.c
+++ b/module/zfs/bpobj.c
@@ -140,6 +140,7 @@ bpobj_close(bpobj_t *bpo)
 bpo->bpo_dbuf = NULL;
 bpo->bpo_phys = NULL;
 bpo->bpo_cached_dbuf = NULL;
+ bpo->bpo_object = 0;
 mutex_destroy(&bpo->bpo_lock);
 }
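Review bot: The added `bpo->bpo_object = 0;` in bpobj_close has no comment saying that zero is the "closed" marker the spa_load retry path relies on, so a later cleanup could drop it as a redundant store and bring back the double close and NULL dereference described in the commit message. I would put `/* bpo_object == 0 marks the bpobj as closed so a repeated bpobj_close() is harmless */` directly above it. The code that reads this marker is not in the hunk, since bpobj_close begins above line 140, so it is worth confirming that the function returns early on `bpo->bpo_object == 0` before it touches `bpo_dbuf`. As far as the hunk shows, the reset is not made under `bpo_lock` and is followed by `mutex_destroy`, so this only protects sequential re-close; if two callers can ever close the same bpobj concurrently, that case presumably remains open and the assumption should be stated in the comment.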