Archive-Team
/
zfs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 103 Wiki Activity

Linux: Defer loading the object set in zfs_setattr() 

We need to wait until after having done a zfs_enter() to load some
fields from the zfsvfs structure.  Otherwise a use-after-free is
possible in the face of a concurrent rollback.

Other functions in this file are careful to avoid this bug, I believe
this is the only instance.

Reviewed-by: Brian Atkinson <batkinson@lanl.gov>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Mark Johnston <markj@FreeBSD.org>
Closes #15752
This commit is contained in:
Mark Johnston 2024-01-09 10:57:29 -05:00 committed by Brian Behlendorf
parent a382e21194
commit d8b2686603
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
module/os/linux/zfs/zfs_vnops_os.c
View File

@ -1856,7 +1856,7 @@ zfs_setattr(znode_t *zp, vattr_t *vap, int flags, cred_t *cr, zidmap_t *mnt_ns)
{ {
struct inode *ip; struct inode *ip;
zfsvfs_t *zfsvfs = ZTOZSB(zp); zfsvfs_t *zfsvfs = ZTOZSB(zp);
objset_t *os = zfsvfs->z_os; objset_t *os;
zilog_t *zilog; zilog_t *zilog;
dmu_tx_t *tx; dmu_tx_t *tx;
vattr_t oldva; vattr_t oldva;
@ -1888,6 +1888,7 @@ zfs_setattr(znode_t *zp, vattr_t *vap, int flags, cred_t *cr, zidmap_t *mnt_ns)
if ((err = zfs_enter_verify_zp(zfsvfs, zp, FTAG)) != 0) if ((err = zfs_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
return (err); return (err);
ip = ZTOI(zp); ip = ZTOI(zp);
os = zfsvfs->z_os;
/* /*
* If this is a xvattr_t, then get a pointer to the structure of * If this is a xvattr_t, then get a pointer to the structure of