Date:      Mon, 20 Oct 2014 07:15:05 +0000 (UTC)
From:      Alexander Motin <mav@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject:   svn commit: r273304 - releng/10.1/sys/kern
Message-ID:  <201410200715.s9K7F5XP062984@svn.freebsd.org>

Author: mav
Date: Mon Oct 20 07:15:04 2014
New Revision: 273304
URL: https://svnweb.freebsd.org/changeset/base/273304

Log:
  MFS10 r273272 (r273143 in head):
  Remove setting BIO_DONE flag for BIOs that have done() method.
  
  This fixes use-after-free, caused by geom_disk, completing same BIO twice
  to save extra allocation, and getting BIO_DONE set after the first.
  
  Approved by:	re (hrs)

Modified:
  releng/10.1/sys/kern/vfs_bio.c
Directory Properties:
  releng/10.1/   (props changed)

Modified: releng/10.1/sys/kern/vfs_bio.c
==============================================================================
--- releng/10.1/sys/kern/vfs_bio.c	Mon Oct 20 05:17:16 2014	(r273303)
+++ releng/10.1/sys/kern/vfs_bio.c	Mon Oct 20 07:15:04 2014	(r273304)
@@ -3582,10 +3582,8 @@ biodone(struct bio *bp)
 		bp->bio_flags |= BIO_DONE;
 		wakeup(bp);
 		mtx_unlock(mtxp);
-	} else {
-		bp->bio_flags |= BIO_DONE;
+	} else
 		done(bp);
-	}
 }
 
 /*
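Review bot: In the else branch of biodone(), nothing records why BIO_DONE is deliberately left unset before done(bp), so a later cleanup could restore the symmetry with the branch above and reintroduce the use-after-free the log describes. Suggest a short comment above done(bp) stating that the flag must not be set here because the bio may be completed again (the geom_disk case in the log) and the done() method owns it from that point. It is also worth confirming that no consumer supplying a done() method tests BIO_DONE afterwards, since the flag is now set only on the wakeup(bp) path.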


