From: Gvozden Neskovic <neskovic@gmail.com>
Date: Thu, 3 Aug 2017 03:42:58 +0000 (+0200)
Subject: spl-mutex: fix race in mutex_exit
X-Git-Tag: zfs-0.8.0-rc1~152^2~33
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=261a3151e16851304eb3e36af2681d1d1579b08f;p=zfs

spl-mutex: fix race in mutex_exit

Prevent race on accessing kmutex_t when the mutex is
embedded in a ref counted structure.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Chunwei Chen <david.chen@osnexus.com>
Signed-off-by: Gvozden Neskovic <neskovic@gmail.com>
Closes zfsonlinux/zfs#6401
Closes #637
---

diff --git a/include/sys/mutex.h b/include/sys/mutex.h
index 319235223..8a98a9213 100644
--- a/include/sys/mutex.h
+++ b/include/sys/mutex.h
@@ -183,12 +183,13 @@ spl_mutex_lockdep_on_maybe(kmutex_t *mp)			\
  */
 #define	mutex_exit(mp)						\
 {								\
-	spl_mutex_lockdep_off_maybe(mp);			\
-	spin_lock(&(mp)->m_lock);				\
 	spl_mutex_clear_owner(mp);				\
+	spin_lock(&(mp)->m_lock);				\
+	spl_mutex_lockdep_off_maybe(mp);			\
 	mutex_unlock(MUTEX(mp));				\
-	spin_unlock(&(mp)->m_lock);				\
 	spl_mutex_lockdep_on_maybe(mp);				\
+	spin_unlock(&(mp)->m_lock);				\
+	/* NOTE: do not dereference mp after this point */	\
 }
 
 int spl_mutex_init(void);