From owner-svn-src-all@FreeBSD.ORG Wed Oct 15 18:48:51 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EBE8C637; Wed, 15 Oct 2014 18:48:51 +0000 (UTC) Received: from mail-ie0-x230.google.com (mail-ie0-x230.google.com [IPv6:2607:f8b0:4001:c03::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A05BEE84; Wed, 15 Oct 2014 18:48:51 +0000 (UTC) Received: by mail-ie0-f176.google.com with SMTP id rp18so1853504iec.21 for ; Wed, 15 Oct 2014 11:48:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=453e59xuLymAGPTiGhiCfmtk1N/o2rc/8DMLcWx4BLQ=; b=j3Jo7PxAufcNVNIZPIdXwTAr3ImAb/fuemcaUlF4cMj7SH3+gV2LR/Eda2RXC6fIVp hd8k+ruBeyTu2Cs3Bc374ZWqUHDQrkLhyxoeiWuya/pFg4KZ+y4iP+LF3m/H3LqtiBn8 /+DoVbLpzbWaeikbUK97wvIxfBpStmY5geRsRuc4waO1d9HiuhxPuKr4NKEUjgao+gNU rs3xownuy5kjcDEboJ8I7QD1719GcemuAiCqQeNBQI1dVHSEvGW9gSblFTKa0v0JjfD8 N1EoQ49i+VQ0aOz/adqJQ4NzTjC05903DE0NPu79Pu7CG1spbLgrnYWIfAfB+3s81JhV 3HRA== MIME-Version: 1.0 X-Received: by 10.43.42.75 with SMTP id tx11mr1640992icb.82.1413398930910; Wed, 15 Oct 2014 11:48:50 -0700 (PDT) Received: by 10.50.227.42 with HTTP; Wed, 15 Oct 2014 11:48:50 -0700 (PDT) In-Reply-To: <201410151836.s9FIaZBU090173@svn.freebsd.org> References: <201410151836.s9FIaZBU090173@svn.freebsd.org> Date: Wed, 15 Oct 2014 11:48:50 -0700 Message-ID: Subject: Re: svn commit: r273143 - head/sys/kern From: NGie Cooper To: Alexander Motin Content-Type: text/plain; charset=UTF-8 Cc: "svn-src-head@freebsd.org" , "svn-src-all@freebsd.org" , "src-committers@freebsd.org" X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Oct 2014 18:48:52 -0000 On Wed, Oct 15, 2014 at 11:36 AM, Alexander Motin wrote: > Author: mav > Date: Wed Oct 15 18:36:34 2014 > New Revision: 273143 > URL: https://svnweb.freebsd.org/changeset/base/273143 > > Log: > Remove setting BIO_DONE flag for BIOs that have done() method. > > This fixes use-after-free, caused by geom_disk, completing same BIO twice > to save extra allocation, and getting BIO_DONE set after the first. > > MFC after: 1 week Hi mav, This bug is present in stable/10 as well. Could you please merge it back to releng/10.1 before the release is cut? Thank you!