Linux: Fix use-after-free in zfsvfs_create()

Description

Linux: Fix use-after-free in zfsvfs_create()

Coverity reported that we pass a pointer to zfsvfs to
dmu_objset_disown() after freeing zfsvfs in zfsvfs_create_impl() after
a failure in zfsvfs_init().

We have nearly identical duplicate versions of this code for FreeBSD and
Linux, but interestingly, the FreeBSD version of this code differs in
such a way that it does not suffer from this bug. We remove the
difference from the FreeBSD version to fix this bug.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #13883
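The failure mode described in the commit message, as an added example that is not part of the commit and is not OpenZFS code: a constructed C model in which every name (`ctx`, `res`, `create_buggy`, `create_fixed`, and so on) is hypothetical. The "fixed" ordering shown is one safe arrangement assumed for illustration, not a reproduction of the actual change; a static pool stands in for the allocator so a stale tag can be detected without undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed model, not OpenZFS code: every name here is hypothetical. */
struct ctx { bool live; };          /* stands in for zfsvfs */
struct res { const void *owner; };  /* stands in for the owned objset */
static struct ctx pool[4];          /* static pool: "freed" slots stay inspectable */
static int stale_tag_uses;          /* disown calls made with an already-freed tag */

static struct ctx *ctx_alloc(void) {
    for (size_t i = 0; i < 4; i++)
        if (!pool[i].live) { pool[i].live = true; return &pool[i]; }
    return NULL;
}
static void ctx_free(struct ctx *c) { c->live = false; }
static void res_own(struct res *r, const void *tag) { r->owner = tag; }
static void res_disown(struct res *r, const struct ctx *tag) {
    if (!tag->live) stale_tag_uses++;   /* models the reported defect */
    r->owner = NULL;
}
static int ctx_init(struct ctx *c, bool fail) { (void)c; return fail ? -1 : 0; }

/* Buggy split: the impl frees ctx on init failure, the caller still uses it. */
static int impl_buggy(struct ctx *c, bool fail) {
    int err = ctx_init(c, fail);
    if (err != 0) ctx_free(c);
    return err;
}
int create_buggy(struct res *r, bool fail) {
    struct ctx *c = ctx_alloc();
    if (c == NULL) return -1;
    res_own(r, c);
    int err = impl_buggy(c, fail);
    if (err != 0) res_disown(r, c);     /* c was already freed by impl_buggy */
    return err;
}

/* Fixed split: one function owns cleanup and disowns before it frees. */
static int impl_fixed(struct ctx *c, bool fail) { return ctx_init(c, fail); }
int create_fixed(struct res *r, bool fail) {
    struct ctx *c = ctx_alloc();
    if (c == NULL) return -1;
    res_own(r, c);
    int err = impl_fixed(c, fail);
    if (err != 0) { res_disown(r, c); ctx_free(c); }
    return err;
}
```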

Details

Provenance
Richard Yao <richard.yao@alumni.stonybrook.edu> Authored on Sep 20 2022, 12:30 AM
GitHub <noreply@github.com> Committed on Sep 20 2022, 12:30 AM
Parents
rG042d43a1ddf1: FreeBSD: fix static module build broken in 7bb707ffa

Event Timeline

GitHub <noreply@github.com> committed rG891ac937beb9: Linux: Fix use-after-free in zfsvfs_create() (authored by Richard Yao <richard.yao@alumni.stonybrook.edu>). Sep 20 2022, 12:30 AM