Date: Thu, 1 Aug 2013 09:42:17 +0000 (UTC) From: Alexander Motin <mav@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r253855 - stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs Message-ID: <201308010942.r719gHgF036123@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mav Date: Thu Aug 1 09:42:17 2013 New Revision: 253855 URL: http://svnweb.freebsd.org/changeset/base/253855 Log: MFC r253754: Partially close race between calls of orphan() method from GEOM and close() method from ZFS core, that reliably causes use-after-free panic if SSD vdev detached during inititial erase. Approved by: re (delphij) Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Directory Properties: stable/9/sys/ (props changed) stable/9/sys/cddl/contrib/opensolaris/ (props changed) Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c ============================================================================== --- stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Thu Aug 1 05:59:28 2013 (r253854) +++ stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c Thu Aug 1 09:42:17 2013 (r253855) @@ -69,6 +69,8 @@ vdev_geom_orphan(struct g_consumer *cp) g_topology_assert(); vd = cp->private; + if (vd == NULL) + return; /* * Orphan callbacks occur from the GEOM event thread. @@ -689,6 +691,7 @@ vdev_geom_close(vdev_t *vd) return; vd->vdev_tsd = NULL; vd->vdev_delayed_close = B_FALSE; + cp->private = NULL; /* XXX locking */ g_post_event(vdev_geom_detach, cp, M_WAITOK, NULL); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201308010942.r719gHgF036123>