From owner-svn-src-head@FreeBSD.ORG Wed Oct 15 19:33:05 2014 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id F20DECFD; Wed, 15 Oct 2014 19:33:04 +0000 (UTC) Received: from mail-ie0-x231.google.com (mail-ie0-x231.google.com [IPv6:2607:f8b0:4001:c03::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8FF83637; Wed, 15 Oct 2014 19:33:04 +0000 (UTC) Received: by mail-ie0-f177.google.com with SMTP id rd18so1935330iec.36 for ; Wed, 15 Oct 2014 12:33:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=dRTTA2LcvpPZDFn6LW1MorbKE9ui1yrac1wvmVzWDE8=; b=VKeDbTY3OTvoozG5LXd3Tp3Knv1UpiuwRsGhO2Fs1TTO0kbP/GVjBE28exouUF/zGq h+W2z4K0mA6r1YHDaDXf6EtC8T3JORgQMpYBK7Y/ir4GSAyRuW9p2vxOCzaPGQ97rR1K BADDOQBcFmyMFpZZPgRuu8gqo1N8keh3G28FW4CcTIJpIA5YssIBAeaPLEN3iu6NzT+/ T1Ui4uM5ka46hlLPHFAXSesjo2DNH7HTxYXjz/rYBJ7V6GRV1bop33LM1hrV68mdFBSM sSE8p7mpuItiSUc3AQGEV4rbejcORZS0sYyOrJtoRi7zuA9k4qll8dXBcJu8OI99t3LQ SSAA== MIME-Version: 1.0 X-Received: by 10.107.18.76 with SMTP id a73mr4613911ioj.83.1413401583903; Wed, 15 Oct 2014 12:33:03 -0700 (PDT) Received: by 10.50.227.42 with HTTP; Wed, 15 Oct 2014 12:33:03 -0700 (PDT) In-Reply-To: <543EC651.1060903@FreeBSD.org> References: <201410151836.s9FIaZBU090173@svn.freebsd.org> <543EC651.1060903@FreeBSD.org> Date: Wed, 15 Oct 2014 12:33:03 -0700 Message-ID: Subject: Re: svn commit: r273143 - head/sys/kern From: NGie Cooper To: Alexander Motin Content-Type: text/plain; charset=UTF-8 Cc: "svn-src-head@freebsd.org" , "svn-src-all@freebsd.org" , "src-committers@freebsd.org" , Benno Rice , "bdrewery@freebsd.org" X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Oct 2014 19:33:05 -0000 On Wed, Oct 15, 2014 at 12:09 PM, Alexander Motin wrote: > On 15.10.2014 21:48, NGie Cooper wrote: >> On Wed, Oct 15, 2014 at 11:36 AM, Alexander Motin wrote: >>> Author: mav >>> Date: Wed Oct 15 18:36:34 2014 >>> New Revision: 273143 >>> URL: https://svnweb.freebsd.org/changeset/base/273143 >>> >>> Log: >>> Remove setting BIO_DONE flag for BIOs that have done() method. >>> >>> This fixes use-after-free, caused by geom_disk, completing same BIO twice >>> to save extra allocation, and getting BIO_DONE set after the first. >>> >>> MFC after: 1 week >> >> Hi mav, >> This bug is present in stable/10 as well. Could you please merge >> it back to releng/10.1 before the release is cut? > > I'll send request to re@ after required minimal three days. Ok! > Though this code was committed to head about a year ago, so not sure how big is this > problem. Isilon uses gmirror for some devices and we've been running into random use-after-free panics in geom (sometimes with gmirror) with memguard(9) enabled. I have some potentially useful tests that I'll post on freefall (they need a bit more polishing before they can be committed to mainline FreeBSD). Thanks!