svn commit: r253754 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
Alexander Motin
mav at FreeBSD.org
Sun Jul 28 20:07:35 UTC 2013
Author: mav
Date: Sun Jul 28 20:07:34 2013
New Revision: 253754
URL: http://svnweb.freebsd.org/changeset/base/253754
Log:
Partially close race between calls of orphan() method from GEOM and close()
method from ZFS core, that reliably causes use-after-free panic if SSD vdev
detached during inititial erase.
Modified:
head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
==============================================================================
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Sun Jul 28 20:02:41 2013 (r253753)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Sun Jul 28 20:07:34 2013 (r253754)
@@ -69,6 +69,8 @@ vdev_geom_orphan(struct g_consumer *cp)
g_topology_assert();
vd = cp->private;
+ if (vd == NULL)
+ return;
/*
* Orphan callbacks occur from the GEOM event thread.
@@ -689,6 +691,7 @@ vdev_geom_close(vdev_t *vd)
return;
vd->vdev_tsd = NULL;
vd->vdev_delayed_close = B_FALSE;
+ cp->private = NULL; /* XXX locking */
g_post_event(vdev_geom_detach, cp, M_WAITOK, NULL);
}
More information about the svn-src-all
mailing list