CyberLeo.Net >> Repos - FreeBSD/stable/10.git/commit

MFC 297868

Fix rare double free in vdev_geom_attrchanged

sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
        Don't drop the g_topology_lock before freeing old_physpath. That
        opens up a race where one thread can call vdev_geom_attrchanged,
        set old_physpath, drop the g_topology_lock, then block trying to
        acquire the SCL_STATE lock. Then another thread can come into
        vdev_geom_attrchanged, set old_physpath to the same value, and
        proceed to free it. When the first thread resumes, it will free
        the same location.

        It turns out that the SCL_STATE lock isn't needed. It was
        originally added by gibbs to protect vd->vdev_physpath while
        updating the same. However, the update process subsequently was
        switched to an atomic operation (a pointer swap). Now, there is
        no need for the SCL_STATE lock, and hence no need to drop the
        g_topology_lock.

git-svn-id: svn://svn.freebsd.org/base/stable/10@299376 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f

author	asomers <asomers@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
	Tue, 10 May 2016 16:49:50 +0000 (16:49 +0000)
committer	asomers <asomers@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
	Tue, 10 May 2016 16:49:50 +0000 (16:49 +0000)
commit	fa77158623d8e5aa03db0035d5d72a679e4b37d5
tree	5cca6f3158a09b58375d21b6a304047c359f17a0	tree \| snapshot
parent	0522c14ec849ab455c60f10d08c57a5b7554dc41	commit \| diff