Move iput() after zfs_inode_update()
When replaying an unlink/remove operation via zfs_rmdir() the object being removed will be instantiated by a call to zfs_dirent_lock(). This means that there is a single reference protecting the object. Right before the call to zfs_inode_update() this reference is dropped which may cause the object to be destroyed. This will result in a NULL dereference as shown by the stack trace is issue #782. This likely isn't an issue during normal operation because there is always an additional reference held on the object by the VFS. Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Closes #782
This commit is contained in:
parent
cda4db408c
commit
5915791096
|
@ -1900,13 +1900,13 @@ top:
|
|||
out:
|
||||
zfs_dirent_unlock(dl);
|
||||
|
||||
zfs_inode_update(dzp);
|
||||
zfs_inode_update(zp);
|
||||
iput(ip);
|
||||
|
||||
if (zsb->z_os->os_sync == ZFS_SYNC_ALWAYS)
|
||||
zil_commit(zilog, 0);
|
||||
|
||||
zfs_inode_update(dzp);
|
||||
zfs_inode_update(zp);
|
||||
ZFS_EXIT(zsb);
|
||||
return (error);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue