Archive-Team
/
zfs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 103 Wiki Activity
zfs/module
History
Chunwei Chen d5b0e7fcf1 Fix get_zfs_sb race with concurrent umount 
Certain ioctl operations will call get_zfs_sb, which will holds an active
count on sb without checking whether it's active or not. This will result
in use-after-free. We fix this by using atomic_inc_not_zero to make sure
we got an active sb.

P1                                          P2
---                                         ---
deactivate_locked_super(): s_active = 0
                                            zfs_sb_hold()
                                            ->get_zfs_sb(): s_active = 1
->zpl_kill_sb()
-->zpl_put_super()
--->zfs_umount()
---->zfs_sb_free(zsb)
                                            zfs_sb_rele(zsb)

Signed-off-by: Chunwei Chen <david.chen@osnexus.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
 		2016-09-09 13:21:09 -07:00
..
avl Support parallel build trees (VPATH builds) 2015-07-17 13:42:51 -07:00
nvpair Support parallel build trees (VPATH builds) 2015-07-17 13:42:51 -07:00
unicode Support parallel build trees (VPATH builds) 2015-07-17 13:42:51 -07:00
zcommon Fix uioskip crash when skip to end 2015-09-29 15:27:14 -07:00
zfs Fix get_zfs_sb race with concurrent umount 2016-09-09 13:21:09 -07:00
zpios Linux 4.2 compat: misc_deregister() 2015-09-01 09:33:18 -07:00
.gitignore gitignore: anchor entries at their respective directory 2013-04-02 10:50:17 -07:00
Makefile.in Prevent rm modules.* when make install 2015-12-23 17:29:34 -08:00