Re: crash zfs_clone_range()
- Reply: Mateusz Guzik : "Re: crash zfs_clone_range()"
- Reply: Alexander Motin : "Re: crash zfs_clone_range()"
- In reply to: Mateusz Guzik : "Re: crash zfs_clone_range()"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 14 Nov 2023 17:44:58 UTC
On 14.11.2023 12:39, Mateusz Guzik wrote:
> One of the vnodes is probably not zfs, I suspect this will do it (untested):
>
> diff --git a/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c
> b/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c
> index 107cd69c756c..e799a7091b8e 100644
> --- a/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c
> +++ b/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c
> @@ -6270,6 +6270,11 @@ zfs_freebsd_copy_file_range(struct
> vop_copy_file_range_args *ap)
> goto bad_write_fallback;
> }
> }
> +
> + if (invp->v_mount->mnt_vfc != outvp->v_mount->mnt_vfc) {
> + goto bad_write_fallback;
> + }
> +
> if (invp == outvp) {
> if (vn_lock(outvp, LK_EXCLUSIVE) != 0) {
> goto bad_write_fallback;
>
vn_copy_file_range() verifies for that:
/*
* If the two vnodes are for the same file system type, call
* VOP_COPY_FILE_RANGE(), otherwise call
vn_generic_copy_file_range()
* which can handle copies across multiple file system types.
*/
*lenp = len;
if (inmp == outmp || strcmp(inmp->mnt_vfc->vfc_name,
outmp->mnt_vfc->vfc_name) == 0)
error = VOP_COPY_FILE_RANGE(invp, inoffp, outvp, outoffp,
lenp, flags, incred, outcred, fsize_td);
else
error = vn_generic_copy_file_range(invp, inoffp, outvp,
outoffp, lenp, flags, incred, outcred, fsize_td);
--
Alexander Motin