summaryrefslogtreecommitdiffstats
path: root/sys/kern/kern_conf.c
diff options
context:
space:
mode:
authorbde <bde@FreeBSD.org>2002-04-25 13:17:33 +0000
committerbde <bde@FreeBSD.org>2002-04-25 13:17:33 +0000
commitc7cc23aacfe96fb2f1f02fc3b3ffea759471c3a7 (patch)
treea8ee076e124fba0fc7f2f7873be3623b50aa6f6e /sys/kern/kern_conf.c
parent0153568c1096747e800124f5206748b198704ff3 (diff)
downloadFreeBSD-src-c7cc23aacfe96fb2f1f02fc3b3ffea759471c3a7.zip
FreeBSD-src-c7cc23aacfe96fb2f1f02fc3b3ffea759471c3a7.tar.gz
Break the following implementation of panic(3):
#!bin/sh # Original version of this by Michael Reifenberger # <root@nihil.plaut.de>. mdconfig -d -u 11 >/dev/null 2>&1 dd if=/dev/zero of=zz bs=1m count=1 while : do mdconfig -a -t vnode -f zz -u 11 fdisk -f - -iv /dev/md11 <<EOF1 g c1 h64 s32 p 1 165 0 2048 a 1 EOF1 mdconfig -d -u 11 done Garbage pointers in __si_u were not cleared by destroy_dev(). Not clearing si_disk made the above fatal because the disk layer uses si_disk as a flag to indicate that the dev_t has been completely initialized. disk_destroy() clears si_disk for the parent dev_t but doesn't get called for children. Not fixed: - setting the undocumented sysctl debug.free_devt should cause more complete destruction of the dev_t including clearing of __si_u, but actually causes the above to panic a little earlier. - the loop leaks 10 memory allocations per iteration (4 DEVFS, 2 devbuf and 4 dev_t). Reviewed by: timeout by MAINTAINER after 3 months
Diffstat (limited to 'sys/kern/kern_conf.c')
-rw-r--r--sys/kern/kern_conf.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/kern/kern_conf.c b/sys/kern/kern_conf.c
index d0c988b..d1ce2fc 100644
--- a/sys/kern/kern_conf.c
+++ b/sys/kern/kern_conf.c
@@ -398,6 +398,7 @@ destroy_dev(dev_t dev)
dev->si_drv1 = 0;
dev->si_drv2 = 0;
dev->si_devsw = 0;
+ bzero(&dev->__si_u, sizeof(dev->__si_u));
dev->si_flags &= ~SI_NAMED;
dev->si_flags &= ~SI_ALIAS;
freedev(dev);
OpenPOWER on IntegriCloud