svn commit: r255952 - stable/9/sys/fs/cd9660

John-Mark Gurney jmg at FreeBSD.org
Mon Sep 30 17:57:23 UTC 2013 

Author: jmg
Date: Mon Sep 30 17:57:22 2013
New Revision: 255952
URL: http://svnweb.freebsd.org/changeset/base/255952

Log:
  MFC: r255866, r255867
  
    fix a bug where we access a bread buffer after we have brelse'd it...
    The kernel normally didn't unmap/context switch away before we accessed
    the buffer most of the time, but under heavy I/O pressure and lots of
    mount/unmounting this would cause a fault on nofault panic...
  
    NULL stale pointers (should be a no-op as they should no longer be
    used)...

Modified:
  stable/9/sys/fs/cd9660/cd9660_vfsops.c
Directory Properties:
  stable/9/sys/   (props changed)
  stable/9/sys/fs/   (props changed)

Modified: stable/9/sys/fs/cd9660/cd9660_vfsops.c
==============================================================================
--- stable/9/sys/fs/cd9660/cd9660_vfsops.c	Mon Sep 30 17:40:39 2013	(r255951)
+++ stable/9/sys/fs/cd9660/cd9660_vfsops.c	Mon Sep 30 17:57:22 2013	(r255952)
@@ -369,6 +369,9 @@ iso_mountfs(devvp, mp)
 	pribp->b_flags |= B_AGE;
 	brelse(pribp);
 	pribp = NULL;
+	rootp = NULL;
+	pri = NULL;
+	pri_sierra = NULL;
 
 	mp->mnt_data = isomp;
 	mp->mnt_stat.f_fsid.val[0] = dev2udev(dev);
@@ -391,11 +394,11 @@ iso_mountfs(devvp, mp)
 
 	/* Check the Rock Ridge Extension support */
 	if (!(isomp->im_flags & ISOFSMNT_NORRIP)) {
-		if ((error = bread(isomp->im_devvp,
-				  (isomp->root_extent + isonum_711(rootp->ext_attr_length)) <<
-				  (isomp->im_bshift - DEV_BSHIFT),
-				  isomp->logical_block_size, NOCRED, &bp)) != 0)
-		    goto out;
+		if ((error = bread(isomp->im_devvp, (isomp->root_extent +
+		    isonum_711(((struct iso_directory_record *)isomp->root)->
+		    ext_attr_length)) << (isomp->im_bshift - DEV_BSHIFT),
+		    isomp->logical_block_size, NOCRED, &bp)) != 0)
+			goto out;
 
 		rootp = (struct iso_directory_record *)bp->b_data;
 
@@ -412,6 +415,7 @@ iso_mountfs(devvp, mp)
 		bp->b_flags |= B_AGE;
 		brelse(bp);
 		bp = NULL;
+		rootp = NULL;
 	}
 
 	if (isomp->im_flags & ISOFSMNT_KICONV && cd9660_iconv) {
@@ -466,6 +470,7 @@ iso_mountfs(devvp, mp)
 	if (supbp) {
 		brelse(supbp);
 		supbp = NULL;
+		sup = NULL;
 	}
 
 	return 0;

More information about the svn-src-stable-9 mailing list