head_errlog: fix use-after-free #16273

gamanakis · 2024-06-16T19:02:27Z

Motivation and Context

In the commit of the head_errlog feature we introduced a bug in dsl_dataset_promote_sync(): we may dereference origin_head and hds, both dereferencing ddpa after calling promote_sync() on ddpa.

Closes: #16272

Description

Call promote_sync() on ddpa after calling spa_swap_errlog().

How Has This Been Tested?

Types of changes

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Performance enhancement (non-breaking change which improves efficiency)
Code cleanup (non-breaking change which makes code smaller or more readable)
Breaking change (fix or feature that would cause existing functionality to change)
Library ABI change (libzfs, libzfs_core, libnvpair, libuutil and libzfsbootenv)
Documentation (a change to man pages or other documentation)

Checklist:

My code follows the OpenZFS code style requirements.
I have updated the documentation accordingly.
I have read the contributing document.
I have added tests to cover my changes.
I have run the ZFS Test Suite with this change applied.
All commit messages are properly formatted and contain Signed-off-by.

tuxoko

Looks good. This should also fix #15531

tonyhutter

Looks good. I think your commit message might need a # before the issue number in:

Closes: 16272

gamanakis · 2024-07-02T08:39:05Z

Looks good. I think your commit message might need a # before the issue number in:
Closes: 16272

Done!

tonyhutter · 2024-07-12T18:06:00Z

I think this is basically good to go. Can you rebase on master to kick off buildbot again? We had some recent ZTS fixes that got merged that might help with the F39-40 failures you're seeing.

In the commit of the head_errlog feature we introduced a bug in dsl_dataset_promote_sync(): we may dereference origin_head and hds, both dereferencing ddpa after calling promote_sync() on ddpa. Closes: openzfs#16272 Signed-off-by: George Amanakis <[email protected]>

gamanakis · 2024-07-12T19:12:31Z

914bbc9: rebased to master

In the commit of the head_errlog feature we introduced a bug in dsl_dataset_promote_sync(): we may dereference origin_head and hds, both dereferencing ddpa after calling promote_sync() on ddpa. Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Chunwei Chen <[email protected]> Reviewed-by: Rob Norris <[email protected]> Reviewed-by: Tony Hutter <[email protected]> Signed-off-by: George Amanakis <[email protected]> Closes #16272 Closes #16273

In the commit of the head_errlog feature we introduced a bug in dsl_dataset_promote_sync(): we may dereference origin_head and hds, both dereferencing ddpa after calling promote_sync() on ddpa. Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Chunwei Chen <[email protected]> Reviewed-by: Rob Norris <[email protected]> Reviewed-by: Tony Hutter <[email protected]> Signed-off-by: George Amanakis <[email protected]> Closes openzfs#16272 Closes openzfs#16273

gamanakis mentioned this pull request Jun 16, 2024

use-after-free in dsl_dataset_promote_sync() #16272

Closed

gamanakis marked this pull request as ready for review June 17, 2024 05:57

tuxoko approved these changes Jun 18, 2024

View reviewed changes

robn approved these changes Jun 25, 2024

View reviewed changes

gamanakis mentioned this pull request Jun 27, 2024

[2.2] head_errlog: fix use-after-free #16306

Merged

13 tasks

tonyhutter approved these changes Jun 28, 2024

View reviewed changes

gamanakis force-pushed the is16272 branch from 7ceaaa8 to c73932b Compare July 2, 2024 08:38

behlendorf approved these changes Jul 12, 2024

View reviewed changes

behlendorf added the Status: Accepted Ready to integrate (reviewed, tested) label Jul 12, 2024

gamanakis force-pushed the is16272 branch from c73932b to 914bbc9 Compare July 12, 2024 19:12

behlendorf merged commit c87cb22 into openzfs:master Jul 15, 2024
22 of 25 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

head_errlog: fix use-after-free #16273

head_errlog: fix use-after-free #16273

Uh oh!

gamanakis commented Jun 16, 2024 •

edited

Loading

Uh oh!

tuxoko left a comment

Uh oh!

tonyhutter left a comment

Uh oh!

gamanakis commented Jul 2, 2024

Uh oh!

tonyhutter commented Jul 12, 2024

Uh oh!

gamanakis commented Jul 12, 2024

Uh oh!

Uh oh!

Uh oh!

head_errlog: fix use-after-free #16273

head_errlog: fix use-after-free #16273

Uh oh!

Conversation

gamanakis commented Jun 16, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Motivation and Context

Description

How Has This Been Tested?

Types of changes

Checklist:

Uh oh!

tuxoko left a comment

Choose a reason for hiding this comment

Uh oh!

tonyhutter left a comment

Choose a reason for hiding this comment

Uh oh!

gamanakis commented Jul 2, 2024

Uh oh!

tonyhutter commented Jul 12, 2024

Uh oh!

gamanakis commented Jul 12, 2024

Uh oh!

Uh oh!

Uh oh!

gamanakis commented Jun 16, 2024 •

edited

Loading