diff options
| author | Mark Johnston <markj@FreeBSD.org> | 2017-04-14 17:08:37 +0000 |
|---|---|---|
| committer | Mark Johnston <markj@FreeBSD.org> | 2017-04-14 17:08:37 +0000 |
| commit | 1e91412e40491571bff67e5e84290f743d933e11 (patch) | |
| tree | c5085791292198ce09a41edee9308d965351e0a1 /sys/geom | |
| parent | 77011eac8653832b2762a77545cebdce924395d4 (diff) | |
| download | src-1e91412e40491571bff67e5e84290f743d933e11.tar.gz src-1e91412e40491571bff67e5e84290f743d933e11.zip | |
Don't set the mirror GEOM softc to NULL in g_mirror_destroy().
At this point we have not rendezvous'ed with the mirror worker thread, and
I/O may still be in flight. Various I/O completion paths expect to be able
to obtain a reference to the mirror softc from the GEOM, so setting it to
NULL may result in various NULL pointer dereferences if the mirror is
stopped with -f or the kernel is shut down while a mirror is
synchronizing. The worker thread will clear the softc pointer before
exiting.
Tested by: pho
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
Notes
Notes:
svn path=/head/; revision=316867
Diffstat (limited to 'sys/geom')
| -rw-r--r-- | sys/geom/mirror/g_mirror.c | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/sys/geom/mirror/g_mirror.c b/sys/geom/mirror/g_mirror.c index b5504327b28d..345b341ba113 100644 --- a/sys/geom/mirror/g_mirror.c +++ b/sys/geom/mirror/g_mirror.c @@ -3076,15 +3076,8 @@ g_mirror_destroy(struct g_mirror_softc *sc, int how) } } - g_topology_lock(); - if (sc->sc_geom->softc == NULL) { - g_topology_unlock(); + if ((sc->sc_flags & G_MIRROR_DEVICE_FLAG_DESTROY) != 0) return (0); - } - sc->sc_geom->softc = NULL; - sc->sc_sync.ds_geom->softc = NULL; - g_topology_unlock(); - sc->sc_flags |= G_MIRROR_DEVICE_FLAG_DESTROY; sc->sc_flags |= G_MIRROR_DEVICE_FLAG_WAIT; G_MIRROR_DEBUG(4, "%s: Waking up %p.", __func__, sc); |