Fix a potential use-after-free in zfs_setsecattr()

In general, VOPs must not load the "z_log" field until having called
zfs_enter_verify_zp().

Reviewed-by: Brian Atkinson <batkinson@lanl.gov>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Mark Johnston <markj@FreeBSD.org>
Closes #15752

diff --git a/module/zfs/zfs_vnops.c b/module/zfs/zfs_vnops.c
index 384cdf0dca978f467e7ad53d8fd1c3a5fc754cd1..5377da401126cab7829778af3b101a8c0113d3ef 100644 (file)
--- a/module/zfs/zfs_vnops.c
+++ b/module/zfs/zfs_vnops.c
@@ -795,11 +795,11 @@ zfs_setsecattr(znode_t *zp, vsecattr_t *vsecp, int flag, cred_t *cr)
        zfsvfs_t *zfsvfs = ZTOZSB(zp);
        int error;
        boolean_t skipaclchk = (flag & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
-       zilog_t *zilog = zfsvfs->z_log;
+       zilog_t *zilog;
 
        if ((error = zfs_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
                return (error);
-
+       zilog = zfsvfs->z_log;
        error = zfs_setacl(zp, vsecp, skipaclchk, cr);
 
        if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)