MFC 297868

Fix rare double free in vdev_geom_attrchanged

sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
        Don't drop the g_topology_lock before freeing old_physpath. That
        opens up a race where one thread can call vdev_geom_attrchanged,
        set old_physpath, drop the g_topology_lock, then block trying to
        acquire the SCL_STATE lock. Then another thread can come into
        vdev_geom_attrchanged, set old_physpath to the same value, and
        proceed to free it. When the first thread resumes, it will free
        the same location.

        It turns out that the SCL_STATE lock isn't needed. It was
        originally added by gibbs to protect vd->vdev_physpath while
        updating the same. However, the update process subsequently was
        switched to an atomic operation (a pointer swap). Now, there is
        no need for the SCL_STATE lock, and hence no need to drop the
        g_topology_lock.

0 files changed, 0 insertions, 0 deletions