Date: Thu, 18 Sep 2014 15:37:53 +0000 (UTC) From: Will Andrews <will@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r271781 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs Message-ID: <201409181537.s8IFbrh3003718@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: will Date: Thu Sep 18 15:37:53 2014 New Revision: 271781 URL: http://svnweb.freebsd.org/changeset/base/271781 Log: bpobj_iterate_impl(): Close a refcount leak iterating on a sublist. If bpobj_space() returned non-zero here, the sublist would have been left open, along with the bonus buffer hold it requires. This call does not invoke any calls to bpobj_close() itself. This bug doesn't have any known vector, but was found on inspection. MFC after: 1 week Sponsored by: Spectra Logic Affects: All ZFS versions starting 21 May 2010 (illumos cde58dbc) MFSpectraBSD: r1050998 on 2014/03/26 Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/bpobj.c Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/bpobj.c ============================================================================== --- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/bpobj.c Thu Sep 18 15:26:12 2014 (r271780) +++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/bpobj.c Thu Sep 18 15:37:53 2014 (r271781) @@ -301,8 +301,10 @@ bpobj_iterate_impl(bpobj_t *bpo, bpobj_i if (free) { err = bpobj_space(&sublist, &used_before, &comp_before, &uncomp_before); - if (err) + if (err != 0) { + bpobj_close(&sublist); break; + } } err = bpobj_iterate_impl(&sublist, func, arg, tx, free); if (free) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201409181537.s8IFbrh3003718>