svn commit: r255952 - stable/9/sys/fs/cd9660

Mon, 30 Sep 2013 10:58:04 -0700 

Author: jmg
Date: Mon Sep 30 17:57:22 2013
New Revision: 255952
URL: http://svnweb.freebsd.org/changeset/base/255952

Log:
  MFC: r255866, r255867
  
    fix a bug where we access a bread buffer after we have brelse'd it...
    The kernel normally didn't unmap/context switch away before we accessed
    the buffer most of the time, but under heavy I/O pressure and lots of
    mount/unmounting this would cause a fault on nofault panic...
  
    NULL stale pointers (should be a no-op as they should no longer be
    used)...

Modified:
  stable/9/sys/fs/cd9660/cd9660_vfsops.c
Directory Properties:
  stable/9/sys/   (props changed)
  stable/9/sys/fs/   (props changed)

Modified: stable/9/sys/fs/cd9660/cd9660_vfsops.c
==============================================================================
--- stable/9/sys/fs/cd9660/cd9660_vfsops.c      Mon Sep 30 17:40:39 2013        
(r255951)
+++ stable/9/sys/fs/cd9660/cd9660_vfsops.c      Mon Sep 30 17:57:22 2013        
(r255952)
@@ -369,6 +369,9 @@ iso_mountfs(devvp, mp)
        pribp->b_flags |= B_AGE;
        brelse(pribp);
        pribp = NULL;
+       rootp = NULL;
+       pri = NULL;
+       pri_sierra = NULL;
 
        mp->mnt_data = isomp;
        mp->mnt_stat.f_fsid.val[0] = dev2udev(dev);
@@ -391,11 +394,11 @@ iso_mountfs(devvp, mp)
 
        /* Check the Rock Ridge Extension support */
        if (!(isomp->im_flags & ISOFSMNT_NORRIP)) {
-               if ((error = bread(isomp->im_devvp,
-                                 (isomp->root_extent + 
isonum_711(rootp->ext_attr_length)) <<
-                                 (isomp->im_bshift - DEV_BSHIFT),
-                                 isomp->logical_block_size, NOCRED, &bp)) != 0)
-                   goto out;
+               if ((error = bread(isomp->im_devvp, (isomp->root_extent +
+                   isonum_711(((struct iso_directory_record *)isomp->root)->
+                   ext_attr_length)) << (isomp->im_bshift - DEV_BSHIFT),
+                   isomp->logical_block_size, NOCRED, &bp)) != 0)
+                       goto out;
 
                rootp = (struct iso_directory_record *)bp->b_data;
 
@@ -412,6 +415,7 @@ iso_mountfs(devvp, mp)
                bp->b_flags |= B_AGE;
                brelse(bp);
                bp = NULL;
+               rootp = NULL;
        }
 
        if (isomp->im_flags & ISOFSMNT_KICONV && cd9660_iconv) {
@@ -466,6 +470,7 @@ iso_mountfs(devvp, mp)
        if (supbp) {
                brelse(supbp);
                supbp = NULL;
+               sup = NULL;
        }
 
        return 0;
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to