From 38f74494991f5e866666a07fbc638ea4e6377ab5 Mon Sep 17 00:00:00 2001
From: Allan Jude <allan@klarasystems.com>
Date: Wed, 17 Jan 2024 18:54:03 +0000
Subject: [PATCH] ARC changes to fix memory related crashes with encryption

- Bail early in arc_buf_fill() when hdr->b_crypt_hdr.b_rabd is NULL
- In arc_write(), avoid arc_hdr_free_abd() when HDR_IO_IN_PROGRESS
  indicates it's still in use.

Sponsored-By: Odoo SA
Sponsored-By: Klara Inc.
Signed-off-by: Don Brady <don.brady@klarasystems.com>
---
 module/zfs/arc.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/module/zfs/arc.c b/module/zfs/arc.c
index 3bcffb3c7e..1a9f6cd2a2 100644
--- a/module/zfs/arc.c
+++ b/module/zfs/arc.c
@@ -2008,6 +2008,9 @@ arc_buf_fill(arc_buf_t *buf, spa_t *spa, const zbookmark_phys_t *zb,
 	 * further transforms on it.
 	 */
 	if (encrypted) {
+		if (hdr->b_crypt_hdr.b_rabd == NULL)
+			return (ECKSUM);
+
 		ASSERT(HDR_HAS_RABD(hdr));
 		abd_copy_to_buf(buf->b_data, hdr->b_crypt_hdr.b_rabd,
 		    HDR_GET_PSIZE(hdr));
@@ -2056,6 +2059,11 @@ arc_buf_fill(arc_buf_t *buf, spa_t *spa, const zbookmark_phys_t *zb,
 
 			if (hash_lock != NULL)
 				mutex_enter(hash_lock);
+			if (hdr->b_l1hdr.b_pabd == NULL) {
+				if (hash_lock != NULL)
+					mutex_exit(hash_lock);
+				return (EACCES);
+			}
 			arc_buf_untransform_in_place(buf);
 			if (hash_lock != NULL)
 				mutex_exit(hash_lock);
@@ -6704,7 +6712,7 @@ arc_write(zio_t *pio, spa_t *spa, uint64_t txg,
 		VERIFY3P(buf->b_data, !=, NULL);
 	}
 
-	if (HDR_HAS_RABD(hdr))
+	if (HDR_HAS_RABD(hdr) && !HDR_IO_IN_PROGRESS(hdr))
 		arc_hdr_free_abd(hdr, B_TRUE);
 
 	if (!(zio_flags & ZIO_FLAG_RAW))