Details
Bug
Resolution: Unresolved
Minor
Description
orph_key_fill and orph_key_fill_18 have this strange construct:
    if (rc > 0)
            return (struct dt_key*) key;
    else
            return ERR_PTR(rc);
So they pass 0 into ERR_PTR, which will probably result in NULL but is often a mistake.
I tried to see how it is used and there's no error checking; in all cases the resultant value is fed directly into dt_insert() or dt_declare_insert() or the like.
I looked at osd_declare_dir_delete as one of the possible options (in zfs) and it seems to be directly using this as:
    dmu_tx_hold_zap(oh->ot_tx, dnode, TRUE, (char *)key);
For dt_insert, the ldiskfs incarnation directly accesses (or tries to) the content with:
    rc = iam_insert(oh->ot_handle, bag, (const struct iam_key *)key,
                    iam_rec, ipd);
So I guess this needs some looking at to make sure we do the correct thing there.
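The following is an added illustration, not code from the ticket or from the project. It is a user-space reduction of the construct showing what each rc value turns into and why a lone IS_ERR() test misses the rc == 0 case. Assumptions: ERR_PTR, PTR_ERR and IS_ERR are stand-ins modeled on the Linux kernel helpers, the names key_fill_as_reported, key_fill_checked and key_usable are hypothetical, and mapping rc == 0 to -EINVAL is one possible choice rather than the project's fix.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space stand-ins modeled on the Linux kernel's err.h helpers. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long error) { return (void *)(intptr_t)error; }
static inline long PTR_ERR(const void *ptr) { return (long)(intptr_t)ptr; }
static inline int IS_ERR(const void *ptr) { return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO; }

struct dt_key;	/* opaque here; only the pointer value matters */

/* Hypothetical reduction of the reported construct. rc is a parameter so
 * that each case (positive, zero, negative errno) can be driven directly. */
static struct dt_key *key_fill_as_reported(char *key, int rc)
{
	if (rc > 0)
		return (struct dt_key *)key;
	else
		return ERR_PTR(rc);	/* rc == 0 yields NULL, not an error pointer */
}

/* Assumed alternative (not the project's fix): map rc == 0 to a real errno
 * so that a single IS_ERR() test in the caller covers every failure. */
static struct dt_key *key_fill_checked(char *key, int rc)
{
	if (rc > 0)
		return (struct dt_key *)key;
	return ERR_PTR(rc < 0 ? rc : -EINVAL);
}

/* Caller-side guard: reject both error pointers and NULL before the key is
 * handed to an insert or declare routine that reads through it. */
static int key_usable(const struct dt_key *key)
{
	return key != NULL && !IS_ERR(key);
}

int main(void)
{
	char buf[32] = "constructed-key";	/* constructed sample input */
	int rcs[] = { 15, 0, -ENAMETOOLONG };
	for (size_t i = 0; i < sizeof(rcs) / sizeof(rcs[0]); i++) {
		struct dt_key *k = key_fill_as_reported(buf, rcs[i]);
		printf("rc=%d ptr=%p IS_ERR=%d usable=%d\n", rcs[i], (void *)k, IS_ERR(k), key_usable(k));
	}
	return 0;
}
```
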