Date: Sun, 20 Mar 2016 18:56:03 +0000 (UTC) From: Alexander Motin <mav@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r297071 - stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs Message-ID: <201603201856.u2KIu30r033524@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mav Date: Sun Mar 20 18:56:03 2016 New Revision: 297071 URL: https://svnweb.freebsd.org/changeset/base/297071 Log: MFC r271781i (by will): bpobj_iterate_impl(): Close a refcount leak iterating on a sublist. If bpobj_space() returned non-zero here, the sublist would have been left open, along with the bonus buffer hold it requires. This call does not invoke any calls to bpobj_close() itself. This bug doesn't have any known vector, but was found on inspection. MFC after: 1 week Sponsored by: Spectra Logic Affects: All ZFS versions starting 21 May 2010 (illumos cde58dbc) MFSpectraBSD: r1050998 on 2014/03/26 Modified: stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/bpobj.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/bpobj.c ============================================================================== --- stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/bpobj.c Sun Mar 20 18:31:30 2016 (r297070) +++ stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/bpobj.c Sun Mar 20 18:56:03 2016 (r297071) @@ -300,8 +300,10 @@ bpobj_iterate_impl(bpobj_t *bpo, bpobj_i if (free) { err = bpobj_space(&sublist, &used_before, &comp_before, &uncomp_before); - if (err) + if (err != 0) { + bpobj_close(&sublist); break; + } } err = bpobj_iterate_impl(&sublist, func, arg, tx, free); if (free) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201603201856.u2KIu30r033524>