Date: Thu, 16 Jan 2014 12:31:27 +0000 (UTC) From: Andriy Gapon <avg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r260706 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs Message-ID: <201401161231.s0GCVRuO087724@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: avg Date: Thu Jan 16 12:31:27 2014 New Revision: 260706 URL: http://svnweb.freebsd.org/changeset/base/260706 Log: zfs_deleteextattr: name buffer from namei is needed by zfs_rename If we prematurely free the name buffer and it gets quickly recycled, then zfs_rename may see data from another lookup or even unmapped memory via cn_nameptr. MFC after: 6 days Sponsored by: HybridCluster Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c ============================================================================== --- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c Thu Jan 16 12:26:54 2014 (r260705) +++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c Thu Jan 16 12:31:27 2014 (r260706) @@ -6774,14 +6774,16 @@ vop_deleteextattr { UIO_SYSSPACE, attrname, xvp, td); error = namei(&nd); vp = nd.ni_vp; - NDFREE(&nd, NDF_ONLY_PNBUF); if (error != 0) { ZFS_EXIT(zfsvfs); + NDFREE(&nd, NDF_ONLY_PNBUF); if (error == ENOENT) error = ENOATTR; return (error); } + error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd); + NDFREE(&nd, NDF_ONLY_PNBUF); vput(nd.ni_dvp); if (vp == nd.ni_dvp)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401161231.s0GCVRuO087724>