Don't set the mirror GEOM softc to NULL in g_mirror_destroy().
At this point we have not rendezvous'ed with the mirror worker thread, and I/O may still be in flight. Various I/O completion paths expect to be able to obtain a reference to the mirror softc from the GEOM, so setting it to NULL may result in various NULL pointer dereferences if the mirror is stopped with -f or the kernel is shut down while a mirror is synchronizing. The worker thread will clear the softc pointer before exiting. Tested by: pho MFC after: 2 weeks Sponsored by: Dell EMC Isilon
This commit is contained in:
Mark Johnston
parent
77011eac86
commit
1e91412e40
@ -3076,15 +3076,8 @@ g_mirror_destroy(struct g_mirror_softc *sc, int how)
|
||||
}
|
||||
}
|
||||
|
||||
g_topology_lock();
|
||||
if (sc->sc_geom->softc == NULL) {
|
||||
g_topology_unlock();
|
||||
if ((sc->sc_flags & G_MIRROR_DEVICE_FLAG_DESTROY) != 0)
|
||||
return (0);
|
||||
}
|
||||
sc->sc_geom->softc = NULL;
|
||||
sc->sc_sync.ds_geom->softc = NULL;
|
||||
g_topology_unlock();
|
||||
|
||||
sc->sc_flags |= G_MIRROR_DEVICE_FLAG_DESTROY;
|
||||
sc->sc_flags |= G_MIRROR_DEVICE_FLAG_WAIT;
|
||||
G_MIRROR_DEBUG(4, "%s: Waking up %p.", __func__, sc);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user