Author: mav Date: Wed Jul 26 16:50:55 2017 New Revision: 321559 URL: https://svnweb.freebsd.org/changeset/base/321559
Log: MFC r318921: MFV r316928: 7256 low probability race in zfs_get_data illumos/illumos-gate@0c94e1af6784c69a1dea25e0e35dd13b2b91e2e5 https://github.com/illumos/illumos-gate/commit/0c94e1af6784c69a1dea25e0e35dd13b2b91e2e5 https://www.illumos.org/issues/7256 error = dmu_sync(zio, lr->lr_common.lrc_txg, zfs_get_done, zgd); ASSERT(error || lr->lr_length <= zp->z_blksz); It's possible, although extremely rare, that the zfs_get_done() callback is executed before dmu_sync() returns. In that case the znode's range lock is dropped and the znode is unreferenced. Thus, the assertion can access some invalid or wrong data via the zp pointer. size variable caches the correct value of z_blksz and can be safely used here. Reviewed by: Matt Ahrens <mahr...@delphix.com> Reviewed by: Pavel Zakharov <pavel.zakha...@delphix.com> Approved by: Dan McDonald <dan...@omniti.com> Author: Andriy Gapon <andriy.ga...@clusterhq.com> Modified: stable/11/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c ============================================================================== --- stable/11/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c Wed Jul 26 16:50:15 2017 (r321558) +++ stable/11/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c Wed Jul 26 16:50:55 2017 (r321559) @@ -1385,7 +1385,7 @@ zfs_get_data(void *arg, lr_write_t *lr, char *buf, zio error = dmu_sync(zio, lr->lr_common.lrc_txg, zfs_get_done, zgd); - ASSERT(error || lr->lr_length <= zp->z_blksz); + ASSERT(error || lr->lr_length <= size); /* * On success, we need to wait for the write I/O _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"