Skip to content

Commit 7b17cc5

Browse files
bspengler-ossRageLtMan
bspengler-oss
authored and
RageLtMan
committed
Preserve LIFO ordering of kmap ops in abd_raidz_gen_iterate()
ZFS typically preserves proper LIFO ordering regarding map/unmap operations that wrap the Linux kernel's kmap interfaces that require such ordering, but one instance in abd_raidz_gen_iterate() did not. Similar issues have been fixed in the Linux kernel in the past, see for instance CVE-2025-39899 for userfaultfd. Signed-off-by: bspengler-oss <94915855+bspengler-oss@users.noreply.github.com>
1 parent 16549e3 commit 7b17cc5

File tree

1 file changed

+7
-7
lines changed

1 file changed

+7
-7
lines changed

module/zfs/abd.c

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1111,13 +1111,6 @@ abd_raidz_gen_iterate(abd_t **cabds, abd_t *dabd, size_t off,
11111111

11121112
func_raidz_gen(caddrs, daddr, len, dlen);
11131113

1114-
for (i = parity-1; i >= 0; i--) {
1115-
abd_iter_unmap(&caiters[i]);
1116-
c_cabds[i] =
1117-
abd_advance_abd_iter(cabds[i], c_cabds[i],
1118-
&caiters[i], len);
1119-
}
1120-
11211114
if (dsize > 0) {
11221115
abd_iter_unmap(&daiter);
11231116
c_dabd =
@@ -1126,6 +1119,13 @@ abd_raidz_gen_iterate(abd_t **cabds, abd_t *dabd, size_t off,
11261119
dsize -= dlen;
11271120
}
11281121

1122+
for (i = parity-1; i >= 0; i--) {
1123+
abd_iter_unmap(&caiters[i]);
1124+
c_cabds[i] =
1125+
abd_advance_abd_iter(cabds[i], c_cabds[i],
1126+
&caiters[i], len);
1127+
}
1128+
11291129
csize -= len;
11301130
}
11311131
abd_exit_critical(flags);

0 commit comments

Comments
 (0)