authorJerry Jelinek <jerry.jelinek@joyent.com>2015-01-28 12:50:57 +0000
committerJerry Jelinek <jerry.jelinek@joyent.com>2015-01-28 12:50:57 +0000
commit90ebd511049fc0abf20030d614593dc5f41cd545 (patch)
tree55562ba1045bc96777a55e88afae9f9a3a645c4f
parentac3c60258359ee7c044e0f9e09ae85073c34e69c (diff)
parentde1f518f033a642fe7aa3c2b59429241a01e387f (diff)
[illumos-gate merge]
commit de1f518f033a642fe7aa3c2b59429241a01e387f 5547 libproc's fake_elf should give up if there's no .hash commit 7199059354284218c1c31276b0a51935fb228cc2 5546 libproc's fake_elf may free stack junk when reading corrupt dumps commit 0fda3cc5c1c5a1d9bdea6d52637bef6e781549c9 5562 ZFS sa_handle's violate kmem invariants, debug kernels panic on boot
-rw-r--r--usr/src/lib/libproc/common/Psymtab_machelf32.c7
-rw-r--r--usr/src/uts/common/fs/zfs/sa.c20
2 files changed, 12 insertions, 15 deletions
diff --git a/usr/src/lib/libproc/common/Psymtab_machelf32.c b/usr/src/lib/libproc/common/Psymtab_machelf32.c
index 9c57b3e5c7..13ee1ac8de 100644
--- a/usr/src/lib/libproc/common/Psymtab_machelf32.c
+++ b/usr/src/lib/libproc/common/Psymtab_machelf32.c
@@ -249,7 +249,7 @@ fake_elf32(struct ps_prochandle *P, file_info_t *fptr, uintptr_t addr,
int dynstr_shndx;
Ehdr *ep;
Shdr *sp;
- Dyn *dp;
+ Dyn *dp = NULL;
Dyn *d[DI_NENT] = { 0 };
uint_t i;
Off off;
@@ -366,6 +366,11 @@ fake_elf32(struct ps_prochandle *P, file_info_t *fptr, uintptr_t addr,
hnchains = hash[1];
}
+ if ((d[DI_HASH] == NULL) || (hnbuckets == 0) || (hnchains == 0)) {
+ dprintf("empty or missing .hash\n");
+ goto bad;
+ }
+
/*
* .dynsym and .SUNW_ldynsym sections.
*
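Review bot: `hnbuckets` and `hnchains` get no upper bound in the new guard in fake_elf32, which rejects only a missing or zero-sized .hash; both counts are still taken as-is from `hash[0]` and `hash[1]`, which on a corrupt dump are attacker- or damage-controlled values. If code outside this hunk sizes the synthesized sections from those counts, a very large value could still drive an oversized allocation or an overflowing size computation, so it looks worth also checking them against a sane maximum (or the size of the mapping they were read from) before `goto bad` is skipped. The single message `empty or missing .hash` does not say which of the three conditions fired; printing the two counts would make a rejected core easier to triage. The function body starts and ends outside the hunk.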
diff --git a/usr/src/uts/common/fs/zfs/sa.c b/usr/src/uts/common/fs/zfs/sa.c
index 2e3156c00a..0b5b37f5fb 100644
--- a/usr/src/uts/common/fs/zfs/sa.c
+++ b/usr/src/uts/common/fs/zfs/sa.c
@@ -211,13 +211,6 @@ sa_cache_constructor(void *buf, void *unused, int kmflag)
{
sa_handle_t *hdl = buf;
- hdl->sa_dbu.dbu_evict_func = NULL;
- hdl->sa_bonus_tab = NULL;
- hdl->sa_spill_tab = NULL;
- hdl->sa_os = NULL;
- hdl->sa_userp = NULL;
- hdl->sa_bonus = NULL;
- hdl->sa_spill = NULL;
mutex_init(&hdl->sa_lock, NULL, MUTEX_DEFAULT, NULL);
return (0);
}
@@ -227,7 +220,6 @@ static void
sa_cache_destructor(void *buf, void *unused)
{
sa_handle_t *hdl = buf;
- hdl->sa_dbu.dbu_evict_func = NULL;
mutex_destroy(&hdl->sa_lock);
}
@@ -1351,14 +1343,11 @@ sa_handle_destroy(sa_handle_t *hdl)
mutex_enter(&hdl->sa_lock);
(void) dmu_buf_remove_user(db, &hdl->sa_dbu);
- if (hdl->sa_bonus_tab) {
+ if (hdl->sa_bonus_tab)
sa_idx_tab_rele(hdl->sa_os, hdl->sa_bonus_tab);
- hdl->sa_bonus_tab = NULL;
- }
- if (hdl->sa_spill_tab) {
+
+ if (hdl->sa_spill_tab)
sa_idx_tab_rele(hdl->sa_os, hdl->sa_spill_tab);
- hdl->sa_spill_tab = NULL;
- }
dmu_buf_rele(hdl->sa_bonus, NULL);
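Review bot: sa_handle_destroy now leaves `hdl->sa_bonus_tab` and `hdl->sa_spill_tab` pointing at tables that were just released through sa_idx_tab_rele, so the handle presumably returns to `sa_cache` (outside this hunk) carrying stale pointers. That is safe only while every allocation from `sa_cache` re-initialises those fields, as the sa_handle_get_from_db hunk that follows does, because the constructor no longer provides a clean state. I would record that invariant next to the `kmem_cache_alloc` call, for example `/* sa_cache objects keep the previous user's field values; initialise every field here */`, so a field added to sa_handle_t later is not silently left uninitialised. As a style point, the two `if` statements lost their braces and are now separated by a blank line; keeping the braces avoids a misleading-indentation mistake on a later edit. The function body starts and ends outside the hunk.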
@@ -1392,10 +1381,13 @@ sa_handle_get_from_db(objset_t *os, dmu_buf_t *db, void *userp,
sa_handle_t *winner = NULL;
handle = kmem_cache_alloc(sa_cache, KM_SLEEP);
+ handle->sa_dbu.dbu_evict_func = NULL;
handle->sa_userp = userp;
handle->sa_bonus = db;
handle->sa_os = os;
handle->sa_spill = NULL;
+ handle->sa_bonus_tab = NULL;
+ handle->sa_spill_tab = NULL;
error = sa_build_index(handle, SA_BONUS);