From 16f7d95ffc686c769d8b030b918b0b674125855a Mon Sep 17 00:00:00 2001 From: Chunwei Chen Date: Fri, 18 Dec 2015 11:39:41 -0800 Subject: [PATCH] Fix empty xattr dir causing lockup During zfs_rmnode on a xattr dir, if the system crash just after dmu_free_long_range, we would get empty xattr dir in delete queue. This would cause blkid=0 be passed into zap_get_leaf_byblk when doing zfs_purgedir during mount, and would try to do rw_enter on a wrong structure and cause system lockup. We fix this by returning ENOENT when blkid is zero in zap_get_leaf_byblk. Signed-off-by: Chunwei Chen --- module/zfs/zap.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/module/zfs/zap.c b/module/zfs/zap.c index c5ea392b6a1d..c9398e885fda 100644 --- a/module/zfs/zap.c +++ b/module/zfs/zap.c @@ -504,6 +504,16 @@ zap_get_leaf_byblk(zap_t *zap, uint64_t blkid, dmu_tx_t *tx, krw_t lt, ASSERT(RW_LOCK_HELD(&zap->zap_rwlock)); + /* + * If system crashed just after dmu_free_long_range in zfs_rmnode, we + * would be left with an empty xattr dir in delete queue. blkid=0 + * would be passed in when doing zfs_purgedir. If that's the case we + * should just return immediately. The underlying objects should + * already be freed, so this should be perfectly fine. + */ + if (blkid == 0) + return (ENOENT); + err = dmu_buf_hold(zap->zap_objset, zap->zap_object, blkid << bs, NULL, &db, DMU_READ_NO_PREFETCH); if (err)