diff options
| author | Will Andrews <will@FreeBSD.org> | 2014-09-18 15:37:53 +0000 |
|---|---|---|
| committer | Will Andrews <will@FreeBSD.org> | 2014-09-18 15:37:53 +0000 |
| commit | cf7a096e7210658003f9a2428b40c2a1c1057835 (patch) | |
| tree | c880133ae3cfdb5dafecf0e4658757f485032f66 /sys | |
| parent | ce2dea2a6a76cb1bf3c8c4d481a7b1b4c4951e7e (diff) | |
| download | src-cf7a096e7210658003f9a2428b40c2a1c1057835.tar.gz src-cf7a096e7210658003f9a2428b40c2a1c1057835.zip | |
bpobj_iterate_impl(): Close a refcount leak iterating on a sublist.
If bpobj_space() returned non-zero here, the sublist would have been
left open, along with the bonus buffer hold it requires. This call
does not invoke any calls to bpobj_close() itself.
This bug doesn't have any known vector, but was found on inspection.
MFC after: 1 week
Sponsored by: Spectra Logic
Affects: All ZFS versions starting 21 May 2010 (illumos cde58dbc)
MFSpectraBSD: r1050998 on 2014/03/26
Notes
Notes:
svn path=/head/; revision=271781
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/cddl/contrib/opensolaris/uts/common/fs/zfs/bpobj.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/bpobj.c b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/bpobj.c index e75ae72f9e9c..b19df1af3967 100644 --- a/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/bpobj.c +++ b/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/bpobj.c @@ -301,8 +301,10 @@ bpobj_iterate_impl(bpobj_t *bpo, bpobj_itor_t func, void *arg, dmu_tx_t *tx, if (free) { err = bpobj_space(&sublist, &used_before, &comp_before, &uncomp_before); - if (err) + if (err != 0) { + bpobj_close(&sublist); break; + } } err = bpobj_iterate_impl(&sublist, func, arg, tx, free); if (free) { |