[Bug 273663] zfsd crashes in the presence of pools with removed TLVs

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273663

--- Comment #13 from commit-hook@FreeBSD.org ---
A commit in branch releng/14.0 references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=a015b9e690d87c45c73dd08840712f576894dbf9

commit a015b9e690d87c45c73dd08840712f576894dbf9
Author:     Alan Somers <asomers@FreeBSD.org>
AuthorDate: 2023-09-12 01:20:39 +0000
Commit:     Alan Somers <asomers@FreeBSD.org>
CommitDate: 2023-09-21 22:23:47 +0000

    Fix zfsd with the device_removal pool feature.

    Previously zfsd would crash in the presence of a pool with a
    top-level-vdev that had previously been removed.  The crash happened
    because the configuration nvlist of such a TLV contains an empty
    ZPOOL_CONFIG_CHILDREN array, which led to a pop_front from an empty
    list, which has undefined behavior.

    The crash only happened in stable/14 and later, probably do to
    differences in libcxx, but the change should be MFCed anyway.

    PR:             273663
    Reported by:    Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
    Sponsored by:   Axcient
    Reviewed by:    mav
    Differential Revision: https://reviews.freebsd.org/D41818
    Approved by:    gjb (re)

    (cherry picked from commit 0b294a386d34f6584848ed52407687df7ae59861)
    (cherry picked from commit a39aac5bb8e46b0d9cd77e85be8a65808f8a89ce)

 cddl/usr.sbin/zfsd/tests/zfsd_unittest.cc | 37 +++++++++++++++++++++++++++++++
 cddl/usr.sbin/zfsd/vdev_iterator.cc       |  5 +----
 2 files changed, 38 insertions(+), 4 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.