zfs_handle used after being closed/freed in change_one() callback

[pzakha]

Motivation and Context

This is a typical case of use after free. We would call zfs_close(zhp) which would free the handle, and then call zfs_iter_children() on that handle later. This change ensures that the zfs_handle is only closed when we are ready to return.

Description

I've been running zfs inherit -r sharenfs pool which was failing with an error code without any error messages. After some debugging I've pinpointed the issue to be memory corruption, which would cause zfs to try to issue an ioctl to the wrong device and receive ENOTTY.

This failure was likely a fallout of the changes introduced in #7967.

How Has This Been Tested?

• After deploying those changes, zfs inherit -r sharenfs pool succeeds.
• Ran the zfs-test suite using internal Delphix tools: http://platform.jenkins.delphix.com/job/devops-gate/job/master/job/zfs-precommit/4727/console (private link)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Performance enhancement (non-breaking change which improves efficiency)
• Code cleanup (non-breaking change which makes code smaller or more readable)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation (a change to man pages or other documentation)

Checklist:

• My code follows the ZFS on Linux code style requirements.
• I have updated the documentation accordingly.
• I have read the contributing document.
• I have added tests to cover my changes.
• All new and existing tests passed.
• All commit messages are properly formatted and contain Signed-off-by.

[pzakha]

cc: @sebroy @grwilson @alek-p

[pzakha]

Added code to also fix a leak of a zfs handle.
Re-testing: http://platform.jenkins.delphix.com/job/devops-gate/job/master/job/zfs-precommit/4729/

[codecov]

Codecov Report

Merging #9165 into master will decrease coverage by 0.14%.
The diff coverage is 80%.

@@            Coverage Diff             @@
##           master    #9165      +/-   ##
==========================================
- Coverage   79.24%    79.1%   -0.15%     
==========================================
  Files         400      400              
  Lines      122012   122002      -10     
==========================================
- Hits        96687    96506     -181     
- Misses      25325    25496     +171

Flag	Coverage Δ
#kernel	79.74% <ø> (-0.06%)	⬇️
#user	66.82% <80%> (-0.55%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e6203d2...d5c3adb. Read the comment docs.

[alek-p]

LGTM

[pzakha]

I've updated the code, and had a successful run for a slightly different version.

The issue is that we do need to close the handle, but only if it is not added to the changelist. Alternatively we could have dup'd the handle that we add to the changelist and always close the one passed to change_one.

zfs-precommit link (Delphix internal).

[behlendorf]

@pzakha can you refresh this one last time with the final code and resolve the cstyle warning. Then this should be good to go.

[pzakha]

@behlendorf done, thanks for spotting that!