zfs/lib
George Wilson 8415c3c170 file reference counts can get corrupted
Callers of zfs_file_get and zfs_file_put can corrupt the reference
counts for the file structure resulting in a panic or a soft lockup.
When zfs send/recv runs, it will add a reference count to the
open file, and begin to send or recv the stream. If the file descriptor
is closed, then when dmu_recv_stream() or dmu_send() return we will
call zfs_file_put to remove the reference we placed on the file
structure. Unfortunately, because zfs_file_put() uses the file
descriptor to lookup the file structure, it may end up finding that
the file descriptor table no longer contains the file struct, thus
leaking the file structure. Or it might end up finding a file
descriptor for a different file and blindly updating its reference
counts. Other failure modes probably exists.

This change reworks the zfs_file_[get|put] interface to not rely
on the file descriptor but instead pass the zfs_file_t pointer around.

Reviewed-by: Matthew Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Mark Maybee <mark.maybee@delphix.com>
Reviewed-by: Ryan Moeller <ryan@iXsystems.com>
Co-authored-by: Allan Jude <allan@klarasystems.com>
Signed-off-by: George Wilson <gwilson@delphix.com>
External-issue: DLPX-76119
Closes #12299
2021-09-14 12:37:38 -07:00
..
libavl cppcheck: integrete cppcheck 2021-01-26 16:12:26 -08:00
libefi cppcheck: integrete cppcheck 2021-01-26 16:12:26 -08:00
libicp cppcheck: integrete cppcheck 2021-01-26 16:12:26 -08:00
libnvpair Fix error check in nvlist_print_json_string 2021-06-09 13:05:34 -07:00
libshare freebsd/libshare: nfs: make nfs_is_shared() thread-safe 2021-04-19 15:22:58 -07:00
libspl libspl: implement atomics in terms of atomics 2021-06-21 21:48:31 -07:00
libtpool cppcheck: integrete cppcheck 2021-01-26 16:12:26 -08:00
libunicode cppcheck: integrete cppcheck 2021-01-26 16:12:26 -08:00
libuutil lib/: set O_CLOEXEC on all fds 2021-04-14 13:23:07 -07:00
libzfs Replace strchrnul() with strrchr() 2021-09-14 12:37:38 -07:00
libzfs_core libzfs{,_core}: set O_CLOEXEC on persistent (ZFS_DEV and MNTTAB) fds 2021-04-14 13:23:07 -07:00
libzfsbootenv libzfsbootenv: lzbe_set_boot_device(): don't free undefined pointer 2021-05-10 12:21:31 -07:00
libzpool file reference counts can get corrupted 2021-09-14 12:37:38 -07:00
libzstd cppcheck: integrete cppcheck 2021-01-26 16:12:26 -08:00
libzutil Reinstate the old zpool read label logic as a fallback 2021-05-27 22:31:57 -07:00
Makefile.am cppcheck: integrete cppcheck 2021-01-26 16:12:26 -08:00