Module Name: src
Committed By: manu
Date: Fri Nov 14 10:09:50 UTC 2014

Modified Files:
	src/sys/kern: vfs_mount.c
	src/sys/ufs/ffs: ffs_vfsops.c
	src/sys/ufs/ufs: ufs_extattr.c

Log Message:
Fix use-after-free on failed unmount with extended attribute enabled

When unmount failed, for instance because the mount is still busy,
UFS1 extended attributes structures were left freed while the kernel
assumes extended attributes were still enabled. This led to using
UFS1 extended attributes structures after free. With LOCKDEBUG, this
quickly triggers a panic.

The problem is fixed by:
1) clear MNT_EXTATTR flag after extended attributes structures are freed
2) attempt to restart extended attributes after failed unmount
3) set MNT_EXTATTR correctly after extended attributes restart

As a side effect, extended attribute structures are now only initialized
when extended attributes are started for the filesystem.

To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 src/sys/kern/vfs_mount.c
cvs rdiff -u -r1.301 -r1.302 src/sys/ufs/ffs/ffs_vfsops.c
cvs rdiff -u -r1.43 -r1.44 src/sys/ufs/ufs/ufs_extattr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
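
The flag/state invariant described in the log message above, as an added userspace C model (not NetBSD kernel code and not part of the commit). Every name prefixed model_ is hypothetical, the value given to MNT_EXTATTR is constructed, and fixed == false reproduces the stale flag left by a failed unmount without dereferencing freed memory.

```c
#include <stdbool.h>
#include <stdlib.h>

#define MNT_EXTATTR 0x1  /* flag name from the commit; the value is constructed */

/* Hypothetical userspace stand-in for a mount with UFS1 extattr state. */
struct model_mount {
    int flags;
    bool busy;           /* true: unmount fails, as with a busy mount */
    int *extattr;        /* stands in for the extended attribute structures */
};

/* Start extattrs; the flag is set only once the state really exists. */
static void model_extattr_start(struct model_mount *mp) {
    mp->extattr = calloc(1, sizeof(*mp->extattr));
    if (mp->extattr != NULL)
        mp->flags |= MNT_EXTATTR;
}

/* Stop extattrs; with fixed == false the flag stays set, as before the fix. */
static void model_extattr_stop(struct model_mount *mp, bool fixed) {
    free(mp->extattr);
    mp->extattr = NULL;
    if (fixed)
        mp->flags &= ~MNT_EXTATTR;   /* clear the flag once the state is freed */
}

/* Unmount: returns 0 on success, -1 if the mount is busy. */
static int model_unmount(struct model_mount *mp, bool fixed) {
    bool had = (mp->flags & MNT_EXTATTR) != 0;
    if (had)
        model_extattr_stop(mp, fixed);
    if (!mp->busy)
        return 0;
    if (fixed && had)
        model_extattr_start(mp);     /* restart after the failed unmount */
    return -1;
}

/* Invariant the fix restores: flag set if and only if state is allocated. */
static bool model_invariant_holds(const struct model_mount *mp) {
    return ((mp->flags & MNT_EXTATTR) != 0) == (mp->extattr != NULL);
}

int main(void) {
    struct model_mount mp = { 0, true, NULL };
    model_extattr_start(&mp);
    model_unmount(&mp, true);        /* fails: the mount is busy */
    return model_invariant_holds(&mp) ? 0 : 1;
}
```

Any code path that trusts the flag alone is safe only while model_invariant_holds() is true; in the pre-fix model it turns false the moment a busy unmount returns.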