svn commit: r298814 - head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs

Alan Somers asomers at FreeBSD.org
Fri Apr 29 21:29:38 UTC 2016


Author: asomers
Date: Fri Apr 29 21:29:37 2016
New Revision: 298814
URL: https://svnweb.freebsd.org/changeset/base/298814

Log:
  Fix a use-after-free when "zpool import" fails
  
  clear vd->vdev_tsd in vdev_geom_close_locked instead of vdev_geom_detach.
  In the latter function, it would fail to happen in certain circumstances
  where cp->private was unset.  Ideally, the latter should never happen, but
  it can happen when vdev open fails, or where spares are involved.
  
  MFC after:	4 weeks
  X-MFC-With:	298786
  Sponsored by:	Spectra Logic Corp

Modified:
  head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c

Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
==============================================================================
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c	Fri Apr 29 21:25:05 2016	(r298813)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c	Fri Apr 29 21:29:37 2016	(r298814)
@@ -276,10 +276,6 @@ vdev_geom_detach(struct g_consumer *cp, 
 	    cp->provider && cp->provider->name ? cp->provider->name : "NULL");
 
 	vd = cp->private;
-	if (vd != NULL) {
-		vd->vdev_tsd = NULL;
-		vd->vdev_delayed_close = B_FALSE;
-	}
 	cp->private = NULL;
 
 	gp = cp->geom;
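Review bot: In vdev_geom_detach(), the assignment "vd = cp->private;" is kept although the only use of vd visible in this hunk has been removed; if nothing further down the function reads vd, drop the assignment and the local so the function no longer looks like it maintains vdev state. Since detach no longer clears vd->vdev_tsd, any path that calls vdev_geom_detach() without going through vdev_geom_close_locked() would leave vdev_tsd pointing at the detached consumer, which is the stale-pointer condition the log describes. A short comment here saying that the caller is responsible for clearing vd->vdev_tsd would make that contract explicit.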
@@ -311,6 +307,8 @@ vdev_geom_close_locked(vdev_t *vd)
 	g_topology_assert();
 
 	cp = vd->vdev_tsd;
+	vd->vdev_tsd = NULL;
+	vd->vdev_delayed_close = B_FALSE;
 	if (cp == NULL)
 		return;
 
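Review bot: In vdev_geom_close_locked(), the two added stores run before the "if (cp == NULL)" early return, so vd->vdev_delayed_close is now reset to B_FALSE even when there was no consumer to close, whereas the removed code only reset it when cp->private pointed back at the vdev. That looks intentional given the log message, but it deserves a one-line comment above "vd->vdev_tsd = NULL;" saying the clear is done unconditionally here because cp->private may be unset after a failed open or with spares. Saving cp before clearing the field is the right order and should stay that way.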

