Fix integer overflow of ZTOI(zp)->i_generation
The ZFS on-disk format stores each inode's generation ID as a 64 bit number on disk and in-core. However, the Linux kernel's inode is only a 32 bit number. In most places, the code handles this correctly, but the cast is missing in zfs_rezget(). For many pools, this isn't an issue since the generation ID is computed as the current txg when the inode is created and many pools don't have more than 2^32 txgs.

For the pools that have more txgs, this issue causes any inode with a high enough generation number to report IO errors after a call to "zfs rollback" while holding the file or directory open.

This patch simply adds the missing cast.

Reviewed-by: Alek Pinchuk <apinchuk@datto.com>
Reviewed-by: George Melikov <mail@gmelikov.ru>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Tom Caputi <tcaputi@datto.com>
Closes #8858
parent
8e91c5ba6a
commit
3ce85b5e60
|
@ -1253,7 +1253,7 @@ zfs_rezget(znode_t *zp)
|
||||||
ZFS_TIME_DECODE(&ZTOI(zp)->i_mtime, mtime);
|
ZFS_TIME_DECODE(&ZTOI(zp)->i_mtime, mtime);
|
||||||
ZFS_TIME_DECODE(&ZTOI(zp)->i_ctime, ctime);
|
ZFS_TIME_DECODE(&ZTOI(zp)->i_ctime, ctime);
|
||||||
|
|
||||||
if (gen != ZTOI(zp)->i_generation) {
|
if ((uint32_t)gen != ZTOI(zp)->i_generation) {
|
||||||
zfs_znode_dmu_fini(zp);
|
zfs_znode_dmu_fini(zp);
|
||||||
zfs_znode_hold_exit(zfsvfs, zh);
|
zfs_znode_hold_exit(zfsvfs, zh);
|
||||||
return (SET_ERROR(EIO));
|
return (SET_ERROR(EIO));
|
||||||
|
|
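Review bot: the (uint32_t)gen cast in the changed if line carries no comment saying the truncation is deliberate, so a later cleanup could drop it again and bring back the SET_ERROR(EIO) return just below it. A short comment above the comparison stating that i_generation is 32 bits wide and that only the low 32 bits of gen are compared would make the intent durable. Also worth stating in that comment: after the cast, two values of gen that differ only in their upper 32 bits compare equal here, so this check cannot tell them apart; if that distinction matters in zfs_rezget(), the comparison should be made against a full-width in-core copy of the generation rather than against i_generation.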