freebsd-nq/sys
Andriy Gapon 5aab788866 MFC r316913: 7869 panic in bpobj_space(): null pointer dereference
illumos/illumos-gate@a3905a4592
a3905a4592

https://www.illumos.org/issues/7869
  The issue fixed by this patch is a race condition in the deadlist code.
  A thread executing an administrative command that uses
  `dsl_deadlist_space_range()` holds the lock of the whole `deadlist_t` to
  protect the access of all its entries that the deadlist contains in an
  avl tree.
  Sync threads trying to insert a new entry in the deadlist
  (through `dsl_deadlist_insert()` -> `dle_enqueue()`) do not hold the
  deadlist lock at that moment. If the `dle_bpobj` is the empty bpobj (our
  sentinel value), we close and reopen it. Between these two operations,
  it is possible for the `dsl_deadlist_space_range()` thread to dereference
  that bpobj which is `NULL` during that window.
  Threads should hold a deadlist's `dl_lock` when they manipulate its
  internal data so scenarios like the one above are avoided. In addition,
  threads should also hold the bpobj lock whenever they are allocating the
  subobj list of a bpobj, and not just when they actually insert the subobj
  to the list. This way we can avoid potential memory leaks.

Reviewed by: Matt Ahrens <mahrens@delphix.com>
Reviewed by: Dan Kimmel <dan.kimmel@delphix.com>
Reviewed by: Steve Gonczi <steve.gonczi@delphix.com>
Reviewed by: John Kennedy <john.kennedy@delphix.com>
Reviewed by: George Melikov <mail@gmelikov.ru>
Reviewed by: Brian Behlendorf <behlendorf1@llnl.gov>
Approved by: Dan McDonald <danmcd@omniti.com>
Author: Serapheim Dimitropoulos <serapheim@delphix.com>
MFC after:	2 weeks
2017-05-24 21:45:52 +00:00
amd64 Bump default MAXTSIZ (kern.maxtsiz) from 128MB to 32GB. The old limit 2017-05-17 08:38:41 +00:00
arm Exclude ccr(4) from arm LINT since it excludes cxgbe(4). 2017-05-19 22:54:45 +00:00
arm64 Add COMPAT_FREEBSD11 on arm64, the arch is almost tier-1. 2017-05-23 13:57:55 +00:00
boot Pass -N directly to ld via -Wl rather than passing it to the compiler driver. 2017-05-23 17:41:09 +00:00
bsm Commit the 64-bit inode project. 2017-05-23 09:29:05 +00:00
cam Add basic programmable early warning error injection to the sa(4) driver. 2017-05-05 20:00:53 +00:00
cddl MFC r316913: 7869 panic in bpobj_space(): null pointer dereference 2017-05-24 21:45:52 +00:00
compat Followup to r318765 (capsicumize cpuset_*affinity) 2017-05-24 01:01:57 +00:00
conf cxgbe(4): Update the T4, T5, and T6 firmwares to 1.16.45.0. 2017-05-23 23:40:17 +00:00
contrib Ifdef out a redundant if statement when LARGE_NAT is disabled. 2017-05-24 14:36:51 +00:00
crypto Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
ddb Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
dev Increase the allowed maximum number of audio channels from 31 to 127 2017-05-24 21:42:48 +00:00
fs Commit the 64-bit inode project. 2017-05-23 09:29:05 +00:00
gdb
geom Fix typo. 2017-05-18 08:25:07 +00:00
gnu [mips] [rt2880] Add oldest Ralink MIPS SOC RT2880 support code. 2017-05-06 06:20:34 +00:00
i386 Remove the BSD/OS 2.1 system call gate LDT entry. 2017-05-23 22:34:18 +00:00
isa Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
kern Followup to r318765 (capsicumize cpuset_*affinity) 2017-05-24 01:01:57 +00:00
kgssapi
libkern Sync qsort.c with userland r318515. 2017-05-19 06:37:16 +00:00
mips Remove superfluous parentheses. 2017-05-23 12:00:08 +00:00
modules cxgbe(4): Update the T4, T5, and T6 firmwares to 1.16.45.0. 2017-05-23 23:40:17 +00:00
net Add parent interface reference counting to if_vlan. 2017-05-23 00:13:27 +00:00
net80211 [net80211] prepare for A-MSDU/A-MPDU offload crypto / sequence number checking. 2017-05-20 00:43:52 +00:00
netgraph Make cached Bluetooth LE host advertise information visible from userland. 2017-04-27 15:03:24 +00:00
netinet o Rearrange struct inpcb fields to optimize the TCP output code path 2017-05-24 17:47:16 +00:00
netinet6 The connect() system call should return -1 and set errno to EAFNOSUPPORT 2017-05-22 15:29:10 +00:00
netipsec Fix possible double releasing for SA and SP references. 2017-05-23 09:32:26 +00:00
netpfil Fix the queue delay estimation in PIE/FQ-PIE when the timestamp 2017-05-19 08:38:03 +00:00
netsmb
nfs Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
nfsclient Add an NFSv4.1 mount option for "use one openowner". 2017-04-13 21:54:19 +00:00
nfsserver Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
nlm Commit the 64-bit inode project. 2017-05-23 09:29:05 +00:00
ofed All these files need sys/vmmeter.h, but now they got it implicitly 2017-04-17 17:07:00 +00:00
opencrypto Use const with some read-only buffers in opencrypto APIs. 2017-05-09 18:28:42 +00:00
powerpc Add a driver for the Chelsio T6 crypto accelerator engine. 2017-05-17 22:13:07 +00:00
riscv Follow r317061 "Remove struct vmmeter from struct pcpu" 2017-04-19 17:06:32 +00:00
rpc Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
security Commit the 64-bit inode project. 2017-05-23 09:29:05 +00:00
sparc64 fix sparc64 build by restoring 'register' in pcpu.h 2017-05-17 16:32:24 +00:00
sys Add BIT_OR2(), BIT_AND2(), BIT_NAND2(), BIT_XOR() and BIT_XOR2(). 2017-05-24 10:09:54 +00:00
teken Oops, my fix for bright colors broke bright black some more (in cases 2017-03-27 10:48:28 +00:00
tests style(9): sort headers 2017-05-09 05:08:47 +00:00
tools Increase the allowed maximum number of audio channels from 31 to 127 2017-05-24 21:42:48 +00:00
ufs Remove spl() calls from UFS code. 2017-05-07 14:59:45 +00:00
vm Commit the 64-bit inode project. 2017-05-23 09:29:05 +00:00
x86 Remove constants and comments for unimplemented entries in the default LDT. 2017-05-24 18:54:21 +00:00
xdr
xen xenstore: fix suspension when using the xenstore device 2017-03-07 09:17:48 +00:00
Makefile Remove glimpse make target added in r181432 2017-05-22 15:53:30 +00:00