Break the following implementation of panic(3):

#!/bin/sh

# Original version of this by Michael Reifenberger
# <root@nihil.plaut.de>.

# Detach any stale md11 from a previous run, then make a 1 MB backing file.
mdconfig -d -u 11 >/dev/null 2>&1
dd if=/dev/zero of=zz bs=1m count=1

# Attach the file as /dev/md11, write a slice table to it, detach, repeat.
while :
do
	mdconfig -a -t vnode -f zz -u 11
	fdisk -f - -iv /dev/md11 <<EOF1
g c1 h64 s32
p 1 165 0 2048
a 1
EOF1
	mdconfig -d -u 11
done

Garbage pointers in __si_u were not cleared by destroy_dev().  Not
clearing si_disk made the above fatal because the disk layer uses
si_disk as a flag to indicate that the dev_t has been completely
initialized.  disk_destroy() clears si_disk for the parent dev_t
but doesn't get called for children.

Not fixed:
- setting the undocumented sysctl debug.free_devt should cause more
  complete destruction of the dev_t including clearing of __si_u, but
  actually causes the above to panic a little earlier.
- the loop leaks 10 memory allocations per iteration (4 DEVFS, 2 devbuf
  and 4 dev_t).

Reviewed by:	timeout by MAINTAINER after 3 months
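The failure the message describes is a recycled object carrying a stale pointer that a consumer reads as a state flag. The model below is an added example, not FreeBSD code: `struct cdev`, `si_u`, `alloc_dev()`, `free_dev()`, `destroy_dev_unfixed()`, `destroy_dev_fixed()` and `disk_attach()` are constructed stand-ins for dev_t, `__si_u`/`si_disk`, the cached `freedev()` path, destroy_dev() before and after this commit, and the disk layer's initialization check. `recycle_once()` plays one turn of the mdconfig/fdisk loop: attach a disk, destroy the dev_t, and attach again on the dev_t the cache hands back.

```c
/*
 * Constructed model of the dev_t recycling bug described in the commit
 * message.  Not FreeBSD code: the struct, pool and function names are
 * stand-ins chosen to mirror dev_t, __si_u/si_disk, destroy_dev() and
 * freedev().
 */
#include <stdio.h>
#include <string.h>

struct disk { const char *name; };

struct cdev {
	int si_flags;
	union {                       /* mirrors dev_t's __si_u */
		struct disk *si_disk;     /* disk layer: non-NULL means fully initialized */
		void        *si_other;
	} si_u;
};

#define NDEV 4
static struct cdev dev_pool[NDEV];   /* freedev() caches dev_ts; it does not free them */
static int         dev_in_use[NDEV];

/* Hand out the lowest free cached dev_t, as a recycling allocator would. */
static struct cdev *alloc_dev(void)
{
	for (int i = 0; i < NDEV; i++) {
		if (!dev_in_use[i]) {
			dev_in_use[i] = 1;
			return &dev_pool[i];
		}
	}
	return NULL;
}

/* Return the dev_t to the cache without scrubbing it (freedev() without debug.free_devt). */
static void free_dev(struct cdev *dev)
{
	dev_in_use[dev - dev_pool] = 0;
}

/* Pre-fix destroy_dev(): clears the flags but leaves the union as garbage. */
static void destroy_dev_unfixed(struct cdev *dev)
{
	dev->si_flags = 0;
	free_dev(dev);
}

/* Post-fix destroy_dev(): the whole union is zeroed before the dev_t is recycled. */
static void destroy_dev_fixed(struct cdev *dev)
{
	dev->si_flags = 0;
	memset(&dev->si_u, 0, sizeof(dev->si_u));   /* the kernel uses bzero() */
	free_dev(dev);
}

/*
 * Disk layer attach: si_disk doubles as the "already initialized" flag, so a
 * recycled dev_t carrying a stale si_disk is rejected (in the real kernel this
 * path panicked).  Returns 0 on success, -1 on a stale flag.
 */
static int disk_attach(struct cdev *dev, struct disk *dp)
{
	if (dev->si_u.si_disk != NULL)
		return -1;
	dev->si_u.si_disk = dp;
	return 0;
}

/*
 * One iteration of the mdconfig/fdisk loop: create a disk dev_t, destroy it,
 * then re-create on the recycled dev_t.  Returns the second attach's result:
 * -1 reproduces the bug, 0 shows the fix.
 */
int recycle_once(int fixed)
{
	static struct disk md11_old = { "md11 (first attach)" };
	static struct disk md11_new = { "md11 (second attach)" };

	memset(dev_pool, 0, sizeof(dev_pool));      /* fresh boot */
	memset(dev_in_use, 0, sizeof(dev_in_use));

	struct cdev *dev = alloc_dev();
	if (disk_attach(dev, &md11_old) != 0)
		return -2;                              /* cannot happen on a fresh pool */
	if (fixed)
		destroy_dev_fixed(dev);
	else
		destroy_dev_unfixed(dev);

	struct cdev *again = alloc_dev();           /* the same cached slot comes back */
	return disk_attach(again, &md11_new);
}

int main(void)
{
	printf("unfixed destroy_dev: second attach %s\n",
	       recycle_once(0) == 0 ? "ok" : "sees stale si_disk");
	printf("fixed destroy_dev:   second attach %s\n",
	       recycle_once(1) == 0 ? "ok" : "sees stale si_disk");
	return 0;
}
```

The point the model makes is that a cache which hands objects back without scrubbing them turns every "is this field non-NULL?" test downstream into a test of whatever the previous owner left behind; zeroing at destroy time, as the hunk does, is what restores the flag's meaning.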
bde 2002-04-25 13:17:33 +00:00
parent 0153568c10
commit c7cc23aacf

@ -398,6 +398,7 @@ destroy_dev(dev_t dev)
dev->si_drv1 = 0;
dev->si_drv2 = 0;
dev->si_devsw = 0;
bzero(&dev->__si_u, sizeof(dev->__si_u));
dev->si_flags &= ~SI_NAMED;
dev->si_flags &= ~SI_ALIAS;
freedev(dev);
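Review bot: the reason this zeroing is needed lives only in the commit message; a one-line comment beside `bzero(&dev->__si_u, sizeof(dev->__si_u));` saying that the disk layer treats a non-NULL si_disk as "fully initialized", so a stale pointer surviving into a recycled dev_t is fatal, would keep the next reader from dropping it as redundant. Since the union is now cleared for every dev_t that passes through destroy_dev(), the separate si_disk clearing that disk_destroy() does for the parent is now duplicated here and could be removed or folded in. The message also records that the debug.free_devt path still panics, slightly earlier; a short XXX comment at `freedev(dev);` would flag that the clearing above is known not to be the whole fix.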