]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 59b4875) | patch
Fix rare double free in vdev_geom_attrchanged
authorasomers <asomers@FreeBSD.org>
Tue, 12 Apr 2016 19:11:14 +0000 (19:11 +0000)
committerasomers <asomers@FreeBSD.org>
Tue, 12 Apr 2016 19:11:14 +0000 (19:11 +0000)
commit2a0941fb20351d00765ce970ea44efcc0f389e3b
tree7e214f1efce7e020f0af85f84af5015188069167tree | snapshot
parent59b487552b970f0667b23ad1197bc0a224a5048ccommit | diff
Fix rare double free in vdev_geom_attrchanged

sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
Don't drop the g_topology_lock before freeing old_physpath. That
opens up a race where one thread can call vdev_geom_attrchanged,
set old_physpath, drop the g_topology_lock, then block trying to
acquire the SCL_STATE lock. Then another thread can come into
vdev_geom_attrchanged, set old_physpath to the same value, and
proceed to free it. When the first thread resumes, it will free
the same location.

It turns out that the SCL_STATE lock isn't needed. It was
originally added by gibbs to protect vd->vdev_physpath while
updating the same. However, the update process subsequently was
switched to an atomic operation (a pointer swap). Now, there is
no need for the SCL_STATE lock, and hence no need to drop the
g_topology_lock.

Reviewed by: delphij
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D5413
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.