Date:      Fri, 28 Oct 2016 18:22:00 +0000 (UTC)
From:      Alexander Motin <mav@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r308059 - stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs
Message-ID:  <201610281822.u9SIM0fr067633@repo.freebsd.org>

Author: mav
Date: Fri Oct 28 18:22:00 2016
New Revision: 308059
URL: https://svnweb.freebsd.org/changeset/base/308059

Log:
  MFC r298814 (by asomers): Fix a use-after-free when "zpool import" fails
  
  clear vd->vdev_tsd in vdev_geom_close_locked instead of vdev_geom_detach.
  In the latter function, it would fail to happen in certain circumstances
  where cp->private was unset.  Ideally, the latter should never happen, but
  it can happen when vdev open fails, or where spares are involved.

Modified:
  stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
==============================================================================
--- stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c	Fri Oct 28 18:20:14 2016	(r308058)
+++ stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c	Fri Oct 28 18:22:00 2016	(r308059)
@@ -278,10 +278,6 @@ vdev_geom_detach(struct g_consumer *cp, 
 	    cp->provider && cp->provider->name ? cp->provider->name : "NULL");
 
 	vd = cp->private;
-	if (vd != NULL) {
-		vd->vdev_tsd = NULL;
-		vd->vdev_delayed_close = B_FALSE;
-	}
 	cp->private = NULL;
 
 	gp = cp->geom;
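Review bot: in vdev_geom_detach the context line `vd = cp->private;` stays although the block that used vd is removed right below it. If no later line in the function reads vd, the assignment and the local are now dead and should be dropped. A one-line comment at this spot saying that vdev_tsd is cleared in vdev_geom_close_locked would also keep a reader from expecting the detach path to do it.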
@@ -313,6 +309,8 @@ vdev_geom_close_locked(vdev_t *vd)
 	g_topology_assert();
 
 	cp = vd->vdev_tsd;
+	vd->vdev_tsd = NULL;
+	vd->vdev_delayed_close = B_FALSE;
 	if (cp == NULL)
 		return;
 
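Review bot: in vdev_geom_close_locked the two added stores sit above the `if (cp == NULL) return;` check, so vdev_delayed_close is now reset even when no consumer was attached. That matches the log message, but nothing in the code says so. Suggest a short comment stating that both fields are cleared here unconditionally because cp->private may be unset (failed vdev open, spares), so nobody later moves them below the early return or back into vdev_geom_detach.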


