diff options
| author | mav <mav@FreeBSD.org> | 2014-10-19 08:47:27 +0000 |
|---|---|---|
| committer | mav <mav@FreeBSD.org> | 2014-10-19 08:47:27 +0000 |
| commit | 7f2e56c17ddf1e3524657c2a3e0397f2f842157e (patch) | |
| tree | bf78ac81174c258324c51ff07b3261ed7b0d67a8 | |
| parent | f2b9523abe1fc45ffba1bb8aed12f551535b59d1 (diff) | |
| download | FreeBSD-src-7f2e56c17ddf1e3524657c2a3e0397f2f842157e.zip FreeBSD-src-7f2e56c17ddf1e3524657c2a3e0397f2f842157e.tar.gz | |
MFC r273143: Remove setting BIO_DONE flag for BIOs that have done() method.
This fixes use-after-free, caused by geom_disk, completing same BIO twice
to save extra allocation, and getting BIO_DONE set after the first.
| -rw-r--r-- | sys/kern/vfs_bio.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/sys/kern/vfs_bio.c b/sys/kern/vfs_bio.c index cc6ac46..8f6a3c3 100644 --- a/sys/kern/vfs_bio.c +++ b/sys/kern/vfs_bio.c @@ -3585,10 +3585,8 @@ biodone(struct bio *bp) bp->bio_flags |= BIO_DONE; wakeup(bp); mtx_unlock(mtxp); - } else { - bp->bio_flags |= BIO_DONE; + } else done(bp); - } } /* |
