Steve Gonczi
2010-Sep-09 00:21 UTC
[zfs-code] dmu_tx_create_dd may leave tx_pool un-initialized
Hello,

Just looking at a piece of code in dmu_tx.c and have one question:

in dmu_tx_t *
dmu_tx_create_dd(dsl_dir_t *dd)
{
	dmu_tx_t *tx = kmem_zalloc(sizeof (dmu_tx_t), KM_SLEEP);
	tx->tx_dir = dd;
	if (dd)
		tx->tx_pool = dd->dd_pool;

According to this, the tx_pool may remain un-initialized, if dd==null.

in dmu_tx_count_free() the tx_pool is de-referenced without checking.

	spa_t *spa = txh->txh_tx->tx_pool->dp_spa;

Could the spa here be derived from the dnode's object set instead?
e.g.:

	spa_t *spa = dn->dn_objset->os_spa;

TIA for any insights.

Steve
-- 
This message posted from opensolaris.org
Pawel Jakub Dawidek
2010-Sep-09 05:27 UTC
[zfs-code] dmu_tx_create_dd may leave tx_pool un-initialized
On Wed, Sep 08, 2010 at 05:21:45PM -0700, Steve Gonczi wrote:
> Hello,
> 
> Just looking at a piece of code in dmu_tx.c and have one question:
> 
> in dmu_tx_t *
> dmu_tx_create_dd(dsl_dir_t *dd)
> {
> 	dmu_tx_t *tx = kmem_zalloc(sizeof (dmu_tx_t), KM_SLEEP);
> 	tx->tx_dir = dd;
> 	if (dd)
> 		tx->tx_pool = dd->dd_pool;
> 
> According to this, the tx_pool may remain un-initialized, if dd==null.
> 
> in dmu_tx_count_free() the tx_pool is de-referenced without checking.
> 
> 	spa_t *spa = txh->txh_tx->tx_pool->dp_spa;
> 
> Could the spa here be derived from the dnode's object set instead?
> e.g.:
> 
> 	spa_t *spa = dn->dn_objset->os_spa;
> 
> TIA for any insights.

I think the only place dd=NULL is passed is dmu_tx_create_assigned(), but
tx_pool is initialized in there:

dmu_tx_t *
dmu_tx_create_assigned(struct dsl_pool *dp, uint64_t txg)
{
	dmu_tx_t *tx = dmu_tx_create_dd(NULL);

	ASSERT3U(txg, <=, dp->dp_tx.tx_open_txg);
	tx->tx_pool = dp;
[...]

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
pjd at FreeBSD.org                        http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
Darren J Moffat
2010-Sep-09 08:12 UTC
[zfs-code] dmu_tx_create_dd may leave tx_pool un-initialized
On 09/09/2010 01:21, Steve Gonczi wrote:
> 
> According to this, the tx_pool may remain un-initialized, if dd==null.

I may be nit picking but it isn't un-initialized, it is NULL (0) because
kmem_zalloc() not kmem_alloc() was used.  It isn't set though.

-- 
Darren J Moffat
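The pointer lifecycle the three messages describe, as an added, self-contained C model that is not the ZFS source and not code from any of the posters: the struct names mirror the ones in the thread but are stand-ins carrying only the fields used here, kmem_zalloc_model() stands in for kmem_zalloc(), tx_create_dd() and tx_create_assigned() follow the two quoted functions, and tx_spa() is a hypothetical helper that applies Steve's suggested fallback to the dnode's objset when tx_pool was never set. It shows Darren's point (the zeroed allocation leaves tx_pool NULL, not garbage), Pawel's point (the assigned path fills tx_pool in), and what a caller-side check would look like so that the tx_pool->dp_spa dereference cannot hit NULL.

```c
/*
 * Added example: a model of the dmu_tx_create_dd() / tx_pool discussion.
 * All types below are stand-ins with only the fields this example uses;
 * they are NOT the real ZFS dmu_tx_t, dsl_pool_t, dsl_dir_t, objset_t
 * or dnode_t definitions.
 */
#include <stdio.h>
#include <stdlib.h>

typedef struct spa      { const char *name; } spa_t;        /* stand-in */
typedef struct dsl_pool { spa_t *dp_spa; }    dsl_pool_t;   /* stand-in */
typedef struct dsl_dir  { dsl_pool_t *dd_pool; } dsl_dir_t; /* stand-in */
typedef struct objset   { spa_t *os_spa; }    objset_t;     /* stand-in */
typedef struct dnode    { objset_t *dn_objset; } dnode_t;   /* stand-in */
typedef struct dmu_tx   { dsl_dir_t *tx_dir; dsl_pool_t *tx_pool; } dmu_tx_t;

/* Model of kmem_zalloc(): the allocation is zero-filled, so every
 * pointer member starts out as NULL rather than as stale memory. */
static void *kmem_zalloc_model(size_t sz)
{
	void *p = calloc(1, sz);
	if (p == NULL)
		abort();
	return p;
}

/* Mirrors the quoted dmu_tx_create_dd(): tx_pool is only set when dd != NULL. */
static dmu_tx_t *tx_create_dd(dsl_dir_t *dd)
{
	dmu_tx_t *tx = kmem_zalloc_model(sizeof (*tx));
	tx->tx_dir = dd;
	if (dd)
		tx->tx_pool = dd->dd_pool;
	return tx;
}

/* Mirrors the quoted dmu_tx_create_assigned(): the dd == NULL path, and
 * the caller fills in tx_pool itself right after the allocation. */
static dmu_tx_t *tx_create_assigned(dsl_pool_t *dp)
{
	dmu_tx_t *tx = tx_create_dd(NULL);
	tx->tx_pool = dp;
	return tx;
}

/* Hypothetical helper: resolve the spa for a tx without dereferencing a
 * NULL tx_pool. Falls back to the dnode's objset (Steve's suggestion);
 * returns NULL when neither source is available so the caller can ASSERT. */
static spa_t *tx_spa(const dmu_tx_t *tx, const dnode_t *dn)
{
	if (tx->tx_pool != NULL)
		return tx->tx_pool->dp_spa;
	if (dn != NULL && dn->dn_objset != NULL)
		return dn->dn_objset->os_spa;
	return NULL;
}

/* Returns 1 when a tx created with dd == NULL has tx_pool == NULL
 * (zeroed by the allocator), i.e. "not set" rather than "uninitialized". */
static int tx_pool_is_null_after_create_dd(void)
{
	dmu_tx_t *tx = tx_create_dd(NULL);
	int is_null = (tx->tx_pool == NULL);
	free(tx);
	return is_null;
}

int main(void)
{
	/* Constructed sample objects; "examplepool" is a made-up pool name. */
	spa_t spa = { "examplepool" };
	dsl_pool_t pool = { &spa };
	dsl_dir_t dir = { &pool };
	objset_t os = { &spa };
	dnode_t dn = { &os };

	dmu_tx_t *a = tx_create_dd(&dir);
	dmu_tx_t *b = tx_create_dd(NULL);
	dmu_tx_t *c = tx_create_assigned(&pool);

	printf("create_dd(dir):  tx_pool set = %d\n", a->tx_pool != NULL);
	printf("create_dd(NULL): tx_pool NULL = %d\n", tx_pool_is_null_after_create_dd());
	printf("create_assigned: tx_pool set = %d\n", c->tx_pool != NULL);
	printf("spa via dnode fallback: %s\n", tx_spa(b, &dn)->name);

	free(a);
	free(b);
	free(c);
	return 0;
}
```

The interesting case is tx_spa(b, NULL): a tx from the dd == NULL path whose caller never assigned tx_pool and for which no dnode is at hand. The helper returns NULL instead of faulting, which is the condition a kernel-side ASSERT would want to catch at the call site rather than at the tx_pool->dp_spa dereference.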