svn commit: r308059 - stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
Alexander Motin
mav at FreeBSD.org
Fri Oct 28 18:22:01 UTC 2016
Author: mav
Date: Fri Oct 28 18:22:00 2016
New Revision: 308059
URL: https://svnweb.freebsd.org/changeset/base/308059
Log:
MFC r298814 (by asomers): Fix a use-after-free when "zpool import" fails
clear vd->vdev_tsd in vdev_geom_close_locked instead of vdev_geom_detach.
In the latter function, it would fail to happen in certain circumstances
where cp->private was unset. Ideally, the latter should never happen, but
it can happen when vdev open fails, or where spares are involved.
Modified:
stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
==============================================================================
--- stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Fri Oct 28 18:20:14 2016 (r308058)
+++ stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Fri Oct 28 18:22:00 2016 (r308059)
@@ -278,10 +278,6 @@ vdev_geom_detach(struct g_consumer *cp,
cp->provider && cp->provider->name ? cp->provider->name : "NULL");
vd = cp->private;
- if (vd != NULL) {
- vd->vdev_tsd = NULL;
- vd->vdev_delayed_close = B_FALSE;
- }
cp->private = NULL;
gp = cp->geom;
@@ -313,6 +309,8 @@ vdev_geom_close_locked(vdev_t *vd)
g_topology_assert();
cp = vd->vdev_tsd;
+ vd->vdev_tsd = NULL;
+ vd->vdev_delayed_close = B_FALSE;
if (cp == NULL)
return;
More information about the svn-src-all
mailing list