CVS commit: [netbsd-7] src/sys

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: [netbsd-7] src/sys
From: "Soren Jacobsen" <snj%netbsd.org@localhost>
Date: Tue, 18 Nov 2014 18:40:06 +0000

Module Name:    src
Committed By:   snj
Date:           Tue Nov 18 18:40:06 UTC 2014

Modified Files:
        src/sys/kern [netbsd-7]: vfs_mount.c
        src/sys/ufs/ffs [netbsd-7]: ffs_vfsops.c
        src/sys/ufs/ufs [netbsd-7]: ufs_extattr.c

Log Message:
Pull up following revision(s) (requested by manu in ticket #246):
        sys/kern/vfs_mount.c: revision 1.31
        sys/ufs/ffs/ffs_vfsops.c: revision 1.302
        sys/ufs/ufs/ufs_extattr.c: revision 1.44
Fix use-after-free on failed unmount with extended attribute enabled
When unmount failed, for instance because the mount is still busy,
UFS1 extended attributes structures were left freed while the kernel
assumes extended attributes were still enabled. This led to using
UFS1 extended attributes structures after free. With LOCKDEBUG, with
quickly triggers a panic.
The problem is fixed by:
1) clear MNT_EXTATTR flag after extended attributes structures are freed
2) attempt to restart extended attributes after failed unmount
2) set MNT_EXTATTR correctly after extended attributes restart
As a side effect, extended attribute structures are now only initialized
when extended attributes are started for the filesystem.


To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.30.2.1 src/sys/kern/vfs_mount.c
cvs rdiff -u -r1.299 -r1.299.2.1 src/sys/ufs/ffs/ffs_vfsops.c
cvs rdiff -u -r1.43 -r1.43.4.1 src/sys/ufs/ufs/ufs_extattr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: [netbsd-7] src
Next by Date: CVS commit: [netbsd-7] src/sys/ufs/ufs
Previous by Thread: CVS commit: [netbsd-7] src
Next by Thread: CVS commit: [netbsd-7] src/sys/ufs/ufs
Indexes:

Home | Main Index | Thread Index | Old Index