Date: Wed, 15 Oct 2014 12:33:03 -0700
From: NGie Cooper <yaneurabeya@gmail.com>
To: Alexander Motin <mav@freebsd.org>
Cc: "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "src-committers@freebsd.org" <src-committers@freebsd.org>, Benno Rice <benno@freebsd.org>, "bdrewery@freebsd.org" <bdrewery@freebsd.org>
Subject: Re: svn commit: r273143 - head/sys/kern
Message-ID: <CAGHfRMD3hNfxuH763w-VvkEf9HxpPBykX-MTyOtg=Qtt_BYGkg@mail.gmail.com>
In-Reply-To: <543EC651.1060903@FreeBSD.org>
References: <201410151836.s9FIaZBU090173@svn.freebsd.org> <CAGHfRMCF030buMAVgpQxXQ8SvPMB%2BFZaDHsdKXP7GaYD7DG1cw@mail.gmail.com> <543EC651.1060903@FreeBSD.org>

On Wed, Oct 15, 2014 at 12:09 PM, Alexander Motin <mav@freebsd.org> wrote:
> On 15.10.2014 21:48, NGie Cooper wrote:
>> On Wed, Oct 15, 2014 at 11:36 AM, Alexander Motin <mav@freebsd.org> wrote:
>>> Author: mav
>>> Date: Wed Oct 15 18:36:34 2014
>>> New Revision: 273143
>>> URL: https://svnweb.freebsd.org/changeset/base/273143
>>>
>>> Log:
>>> Remove setting BIO_DONE flag for BIOs that have done() method.
>>>
>>> This fixes use-after-free, caused by geom_disk, completing same BIO twice
>>> to save extra allocation, and getting BIO_DONE set after the first.
>>>
>>> MFC after: 1 week
>>
>> Hi mav,
>> This bug is present in stable/10 as well. Could you please merge
>> it back to releng/10.1 before the release is cut?
>
> I'll send request to re@ after required minimal three days.

Ok!

> Though this code was committed to head about a year ago, so not sure how big is this
> problem.

Isilon uses gmirror for some devices and we've been running into random use-after-free panics in geom (sometimes with gmirror) with memguard(9) enabled. I have some potentially useful tests that I'll post on freefall (they need a bit more polishing before they can be committed to mainline FreeBSD).

Thanks!