diff options
| author | Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org> | 2022-04-06 12:00:56 +0200 |
|---|---|---|
| committer | Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org> | 2022-04-22 23:03:46 +0200 |
| commit | da00bec1e7243a6545b45e42283b8549cf19de1f (patch) | |
| tree | b0467608ddc76b5b934458b565b92a8ca177ca49 | |
| parent | fb12490ab4d1e87e7a63e457dd4fba1ea34c402a (diff) | |
| download | illumos-joyent-da00bec1e7243a6545b45e42283b8549cf19de1f.tar.gz | |
14654 blkdev softstate use after free
Reviewed by: Andrew Giles <agiles@tintri.com>
Reviewed by: Guy Morrogh <gmorrogh@tintri.com>
Reviewed by: Ben Jameson <bjameson@tintri.com>
Reviewed by: Gordon Ross <Gordon.W.Ross@gmail.com>
Reviewed by: Paul Winder <paul@winder.uk.net>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Robert Mustacchi <rm+illumos@fingolfin.org>
| -rw-r--r-- | usr/src/uts/common/io/blkdev/blkdev.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/usr/src/uts/common/io/blkdev/blkdev.c b/usr/src/uts/common/io/blkdev/blkdev.c index 847c7c58fc..7e5e5716e2 100644 --- a/usr/src/uts/common/io/blkdev/blkdev.c +++ b/usr/src/uts/common/io/blkdev/blkdev.c @@ -22,11 +22,10 @@ * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright 2012 Garrett D'Amore <garrett@damore.org>. All rights reserved. * Copyright 2012 Alexey Zaytsev <alexey.zaytsev@gmail.com> All rights reserved. - * Copyright 2016 Nexenta Systems, Inc. All rights reserved. * Copyright 2017 The MathWorks, Inc. All rights reserved. - * Copyright 2019 Western Digital Corporation. * Copyright 2020 Joyent, Inc. * Copyright 2022 OmniOS Community Edition (OmniOSce) Association. + * Copyright 2022 Tintri by DDN, Inc. All rights reserved. */ #include <sys/types.h> @@ -719,7 +718,6 @@ bd_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) bd->d_dip = dip; bd->d_handle = hdl; - hdl->h_bd = bd; ddi_set_driver_private(dip, bd); mutex_init(&bd->d_ksmutex, NULL, MUTEX_DRIVER, NULL); @@ -862,6 +860,7 @@ bd_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) "hotpluggable", NULL, 0); } + hdl->h_bd = bd; ddi_report_dev(dip); return (DDI_SUCCESS); @@ -893,9 +892,11 @@ fail_drive_info: static int bd_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) { - bd_t *bd; + bd_handle_t hdl; + bd_t *bd; bd = ddi_get_driver_private(dip); + hdl = ddi_get_parent_data(dip); switch (cmd) { case DDI_DETACH: @@ -907,6 +908,8 @@ bd_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) return (DDI_FAILURE); } + hdl->h_bd = NULL; + if (bd->d_ksp != NULL) { kstat_delete(bd->d_ksp); bd->d_ksp = NULL; |