MFS10 r273272 (r273143 in head):

Remove setting BIO_DONE flag for BIOs that have done() method. This fixes use-after-free, caused by geom_disk, completing same BIO twice to save extra allocation, and getting BIO_DONE set after the first. Approved by: re (hrs)
author: mav <mav@FreeBSD.org> 2014-10-20 07:15:04 +0000
committer: mav <mav@FreeBSD.org> 2014-10-20 07:15:04 +0000
commit: cf495e06a44ce74adbeb57b9d9f524dd5f808532 (patch)
tree: 3869b6a1a102e139681404013ff1d8e311ee4284
parent: 558b9d746be84146d8d79d96c9cc61a81221d549 (diff)
download: FreeBSD-src-cf495e06a44ce74adbeb57b9d9f524dd5f808532.zip
FreeBSD-src-cf495e06a44ce74adbeb57b9d9f524dd5f808532.tar.gz
1 files changed, 1 insertions, 3 deletions
diff --git a/sys/kern/vfs_bio.c b/sys/kern/vfs_bio.c
index 1cbc891..d04aae5 100644
--- a/sys/kern/vfs_bio.c
+++ b/sys/kern/vfs_bio.c
@@ -3582,10 +3582,8 @@ biodone(struct bio *bp)
 		bp->bio_flags |= BIO_DONE;
 		wakeup(bp);
 		mtx_unlock(mtxp);
-	} else {
-		bp->bio_flags |= BIO_DONE;
+	} else
 		done(bp);
-	}
 }
 
 /*
author	mav <mav@FreeBSD.org>	2014-10-20 07:15:04 +0000
committer	mav <mav@FreeBSD.org>	2014-10-20 07:15:04 +0000
commit	cf495e06a44ce74adbeb57b9d9f524dd5f808532 (patch)
tree	3869b6a1a102e139681404013ff1d8e311ee4284
parent	558b9d746be84146d8d79d96c9cc61a81221d549 (diff)
download	FreeBSD-src-cf495e06a44ce74adbeb57b9d9f524dd5f808532.zip FreeBSD-src-cf495e06a44ce74adbeb57b9d9f524dd5f808532.tar.gz