Illumos 5562 - ZFS sa_handle's violate kmem invariants, debug kernels panic on boot

5562 ZFS sa_handle's violate kmem invariants, debug kernels panic on boot
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Robert Mustacchi <rm@fingolfin.org>
Reviewed by: George Wilson <george@delphix.com>
Reviewed by: Rich Lowe <richlowe@richlowe.net>
Approved by: Dan McDonald <danmcd@omniti.com>

References:
  https://www.illumos.org/issues/5562
  https://github.com/illumos/illumos-gate/commit/0fda3cc5

Ported-by: DHE <git@dehacked.net>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #3388

diff --git a/module/zfs/sa.c b/module/zfs/sa.c
index a3fcea87b16a9b55b5f2ef683fea022bf784d3c4..2383252e2447b1dc22cd65b7f3dcf480ed5a31b8 100644 (file)
--- a/module/zfs/sa.c
+++ b/module/zfs/sa.c
@@ -210,13 +210,6 @@ sa_cache_constructor(void *buf, void *unused, int kmflag)
 {
        sa_handle_t *hdl = buf;
 
-       hdl->sa_dbu.dbu_evict_func = NULL;
-       hdl->sa_bonus_tab = NULL;
-       hdl->sa_spill_tab = NULL;
-       hdl->sa_os = NULL;
-       hdl->sa_userp = NULL;
-       hdl->sa_bonus = NULL;
-       hdl->sa_spill = NULL;
        mutex_init(&hdl->sa_lock, NULL, MUTEX_DEFAULT, NULL);
        return (0);
 }
@@ -226,7 +219,6 @@ static void
 sa_cache_destructor(void *buf, void *unused)
 {
        sa_handle_t *hdl = buf;
-       hdl->sa_dbu.dbu_evict_func = NULL;
        mutex_destroy(&hdl->sa_lock);
 }
 
@@ -1369,14 +1361,11 @@ sa_handle_destroy(sa_handle_t *hdl)
        mutex_enter(&hdl->sa_lock);
        (void) dmu_buf_remove_user(db, &hdl->sa_dbu);
 
-       if (hdl->sa_bonus_tab) {
+       if (hdl->sa_bonus_tab)
                sa_idx_tab_rele(hdl->sa_os, hdl->sa_bonus_tab);
-               hdl->sa_bonus_tab = NULL;
-       }
-       if (hdl->sa_spill_tab) {
+
+       if (hdl->sa_spill_tab)
                sa_idx_tab_rele(hdl->sa_os, hdl->sa_spill_tab);
-               hdl->sa_spill_tab = NULL;
-       }
 
        dmu_buf_rele(hdl->sa_bonus, NULL);
 
@@ -1410,10 +1399,13 @@ sa_handle_get_from_db(objset_t *os, dmu_buf_t *db, void *userp,
                sa_handle_t *winner = NULL;
 
                handle = kmem_cache_alloc(sa_cache, KM_SLEEP);
+               handle->sa_dbu.dbu_evict_func = NULL;
                handle->sa_userp = userp;
                handle->sa_bonus = db;
                handle->sa_os = os;
                handle->sa_spill = NULL;
+               handle->sa_bonus_tab = NULL;
+               handle->sa_spill_tab = NULL;
 
                error = sa_build_index(handle, SA_BONUS);