From d928d85cadb2b9438e309a882a5122da44ef46df Mon Sep 17 00:00:00 2001
From: Pavel Snajdr <snajpa@snajpa.net>
Date: Thu, 24 Oct 2024 22:52:26 +0200
Subject: [PATCH] Linux: Fix zfs_prune panics

by protecting against sb->s_shrink eviction on umount with newer kernels

deactivate_locked_super calls shrinker_free and only then
sops->kill_sb cb, resulting in UAF on umount when trying
to reach for the shrinker functions in zpl_prune_sb of
in-umount dataset

Signed-off-by: Pavel Snajdr <snajpa@snajpa.net>
---
 module/os/linux/zfs/zpl_super.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/module/os/linux/zfs/zpl_super.c b/module/os/linux/zfs/zpl_super.c
index 287f5f36f9dd..6536296d0453 100644
--- a/module/os/linux/zfs/zpl_super.c
+++ b/module/os/linux/zfs/zpl_super.c
@@ -375,7 +375,11 @@ zpl_prune_sb(uint64_t nr_to_scan, void *arg)
 	struct super_block *sb = (struct super_block *)arg;
 	int objects = 0;
 
-	(void) -zfs_prune(sb, nr_to_scan, &objects);
+	if (atomic_inc_not_zero(&sb->s_active)) {
+		(void) -zfs_prune(sb, nr_to_scan, &objects);
+		atomic_dec(&sb->s_active);
+	}
+
 }
 
 const struct super_operations zpl_super_operations = {