From ce3ec2f8e36ee88a529f6d17b01b88f756eb8f46 Mon Sep 17 00:00:00 2001
From: mav
Date: Mon, 20 Oct 2014 07:15:04 +0000
Subject: [PATCH] MFS10 r273272 (r273143 in head): Remove setting BIO_DONE flag for BIOs that have done() method.

This fixes use-after-free, caused by geom_disk, completing same BIO twice to save extra allocation, and getting BIO_DONE set after the first.

Approved by: re (hrs)
git-svn-id: svn://svn.freebsd.org/base/releng/10.1@273304 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 sys/kern/vfs_bio.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/sys/kern/vfs_bio.c b/sys/kern/vfs_bio.c
index 1cbc891ab..d04aae520 100644
--- a/sys/kern/vfs_bio.c
+++ b/sys/kern/vfs_bio.c
@@ -3582,10 +3582,8 @@ biodone(struct bio *bp)
 bp->bio_flags |= BIO_DONE;
 wakeup(bp);
 mtx_unlock(mtxp);
- } else {
- bp->bio_flags |= BIO_DONE;
+ } else
 done(bp);
- }
 }
 
 /*
-- 
2.42.0
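Review bot: With the flag write gone, `done(bp)` is the last statement that touches bp, and per the commit message the callback may free or re-complete the BIO, yet nothing in the code records that bp is off-limits after the call — exactly the invariant this use-after-free violated. I would add `/* done() may free or reissue bp; do not touch bp after this call. */` directly above `done(bp);`. BIO_DONE is now set only on the other branch shown here (under the pool mutex, followed by `wakeup(bp)`), so any waiter that polls the flag on a BIO that also has a done() method would never see it; presumably only BIOs without a callback are waited on, and that assumption is worth stating in biodone()'s header comment. The enclosing biodone() and the branch condition begin before this hunk, so the condition itself is not visible here.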