Date: Mon, 30 Sep 2013 17:35:48 +0000 (UTC) From: John-Mark Gurney <jmg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r255950 - stable/8/sys/fs/cd9660 Message-ID: <201309301735.r8UHZmp5014697@svn.freebsd.org>
Author: jmg Date: Mon Sep 30 17:35:48 2013 New Revision: 255950 URL: http://svnweb.freebsd.org/changeset/base/255950 Log: MFC: r255866, r255867 fix a bug where we access a bread buffer after we have brelse'd it... The kernel normally didn't unmap/context switch away before we accessed the buffer most of the time, but under heavy I/O pressure and lots of mount/unmounting this would cause a fault on nofault panic... NULL stale pointers (should be a no-op as they should no longer be used)... Modified: stable/8/sys/fs/cd9660/cd9660_vfsops.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/fs/ (props changed) Modified: stable/8/sys/fs/cd9660/cd9660_vfsops.c ==============================================================================
--- stable/8/sys/fs/cd9660/cd9660_vfsops.c Mon Sep 30 17:23:45 2013 (r255949)
+++ stable/8/sys/fs/cd9660/cd9660_vfsops.c Mon Sep 30 17:35:48 2013 (r255950)
@@ -369,6 +369,9 @@ iso_mountfs(devvp, mp)
 pribp->b_flags |= B_AGE;
 brelse(pribp);
 pribp = NULL;
+ rootp = NULL;
+ pri = NULL;
+ pri_sierra = NULL;
 mp->mnt_data = isomp;
 mp->mnt_stat.f_fsid.val[0] = dev2udev(dev);
@@ -391,11 +394,11 @@ iso_mountfs(devvp, mp)
 /* Check the Rock Ridge Extension support */
 if (!(isomp->im_flags & ISOFSMNT_NORRIP)) {
- if ((error = bread(isomp->im_devvp,
- (isomp->root_extent + isonum_711(rootp->ext_attr_length)) <<
- (isomp->im_bshift - DEV_BSHIFT),
- isomp->logical_block_size, NOCRED, &bp)) != 0)
- goto out;
+ if ((error = bread(isomp->im_devvp, (isomp->root_extent +
+ isonum_711(((struct iso_directory_record *)isomp->root)->
+ ext_attr_length)) << (isomp->im_bshift - DEV_BSHIFT),
+ isomp->logical_block_size, NOCRED, &bp)) != 0)
+ goto out;
 rootp = (struct iso_directory_record *)bp->b_data;
@@ -412,6 +415,7 @@ iso_mountfs(devvp, mp)
 bp->b_flags |= B_AGE;
 brelse(bp);
 bp = NULL;
+ rootp = NULL;
 }
 if (isomp->im_flags & ISOFSMNT_KICONV && cd9660_iconv) {
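Review bot: The three NULL assignments added after `brelse(pribp)` carry no comment saying why they are there, so a later cleanup could drop them as dead stores or reintroduce a read through `rootp`. I would put `/* rootp, pri and pri_sierra pointed into pribp's data, which is invalid after brelse() */` above them; presumably all three were derived from `pribp->b_data`, but those assignments are outside the hunk, so confirm. The same comment applies to `rootp = NULL` after `brelse(bp)` and to `sup = NULL` after `brelse(supbp)` in the later hunks. Clearing the pointers makes any leftover use fail as an immediate NULL dereference instead of an intermittent read of a recycled buffer.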
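Review bot: The rewritten `bread()` argument reads `ext_attr_length` through an inline cast, `((struct iso_directory_record *)isomp->root)->ext_attr_length`, which is hard to read and does not say why `rootp` can no longer be used at this point. A comment above the call such as `/* rootp pointed into pribp, released above; read the copy kept in isomp->root */` would record the reason for the change. This assumes `isomp->root` holds a copy of the root directory record taken before `brelse(pribp)`; that copy is not visible in the hunk, and iso_mountfs starts and ends outside it.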
@@ -466,6 +470,7 @@ iso_mountfs(devvp, mp)
 if (supbp) {
 brelse(supbp);
 supbp = NULL;
+ sup = NULL;
 }
 return 0;