From owner-svn-src-all@FreeBSD.ORG Wed Oct 15 19:09:11 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B5697A1; Wed, 15 Oct 2014 19:09:11 +0000 (UTC) Received: from mail-la0-x232.google.com (mail-la0-x232.google.com [IPv6:2a00:1450:4010:c03::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D466D14C; Wed, 15 Oct 2014 19:09:10 +0000 (UTC) Received: by mail-la0-f50.google.com with SMTP id s18so1668047lam.9 for ; Wed, 15 Oct 2014 12:09:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=etuJdrxrxntUzOYb286+W+SjXpRn3iZpbmwj8UH1qtw=; b=o8PANna79CRDYi9LTCnR/jXbvmeNaiGEcapOZkNpgyc6x6s1BeXmk68PtxcDrgIa6O GCimR9nX5wFth8hw1372Fyin7AQ5w/uEDGSsEA7Bvqnm3OpJadC8GDBQNobKVZLFVWkJ 5khCVUssDKFfhYRzukXS7ML9EYHkxP3m+1V+p1oT0Q8HBLBnzZmYVOyWen/0EosGMsFA zg1PUC+YvlFy+BIfuQyaVpJQlp2KZ9IpKsjp5EDH/n+fiysclmClRiTf4L5MQEt3VqDf YnuXgdXmlelSChv1pZzMQr1TNMFVMyxVNs7qeZT0V7CSyYygnl5oz05XBun1JITQ7XYT LDTQ== X-Received: by 10.112.73.35 with SMTP id i3mr14469577lbv.75.1413400148563; Wed, 15 Oct 2014 12:09:08 -0700 (PDT) Received: from mavbook.mavhome.dp.ua ([134.249.139.101]) by mx.google.com with ESMTPSA id dq5sm6978456lbc.11.2014.10.15.12.09.06 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 15 Oct 2014 12:09:07 -0700 (PDT) Sender: Alexander Motin Message-ID: <543EC651.1060903@FreeBSD.org> Date: Wed, 15 Oct 2014 22:09:05 +0300 From: Alexander Motin User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: NGie Cooper Subject: Re: svn commit: r273143 - head/sys/kern References: <201410151836.s9FIaZBU090173@svn.freebsd.org> In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: "svn-src-head@freebsd.org" , "svn-src-all@freebsd.org" , "src-committers@freebsd.org" X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Oct 2014 19:09:11 -0000 On 15.10.2014 21:48, NGie Cooper wrote: > On Wed, Oct 15, 2014 at 11:36 AM, Alexander Motin wrote: >> Author: mav >> Date: Wed Oct 15 18:36:34 2014 >> New Revision: 273143 >> URL: https://svnweb.freebsd.org/changeset/base/273143 >> >> Log: >> Remove setting BIO_DONE flag for BIOs that have done() method. >> >> This fixes use-after-free, caused by geom_disk, completing same BIO twice >> to save extra allocation, and getting BIO_DONE set after the first. >> >> MFC after: 1 week > > Hi mav, > This bug is present in stable/10 as well. Could you please merge > it back to releng/10.1 before the release is cut? I'll send request to re@ after required minimal three days. Though this code was committed to head about a year ago, so not sure how big is this problem. -- Alexander Motin