granicus.if.org Git - zfs/commit
Illumos #4088 use after free in arc_release()
author Boris Protopopov <boris.protopopov@nexenta.com>
Fri, 30 Aug 2013 19:12:45 +0000 (12:12 -0700)
committer Brian Behlendorf <behlendorf1@llnl.gov>
Mon, 10 Mar 2014 16:11:15 +0000 (09:11 -0700)
commit 47fe91b54c9c2d844059d50cb9622d7bbde9da27
tree 2b580f17c4b8914ea4296d638ffc6f5cefc12f34
parent a45fc6a677bee01c0461b848e6e47ac3cb7797df
Illumos #4088 use after free in arc_release()

4088 use after free in arc_release()

Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Garrett D'Amore <garrett@damore.org>
Reviewed by: Saso Kiselkov <skiselkov.ml@gmail.com>
Approved by: Dan McDonald <danmcd@nexenta.com>

References:
  https://www.illumos.org/issues/4088
  illumos/illumos-gate@ccc22e130479b5bd7c0002267fee1e0602d3f772

From the illumos issue:

A race-induced use after free occurs in arc_release() where the
ARC header is used outside the critical section protected by the
hash_lock.

Ported by: Tim Chase <tim@chase2k.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <ryao@gentoo.org>
Closes #2162
module/zfs/arc.c
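
The bug class named in the commit message (a header read after its protecting lock has been dropped) can be shown with a small model. This is an added example, not code from ZFS or illumos: hdr_t, evict(), release_unsafe() and release_safe() are hypothetical names, and the concurrent free is modelled by a hook that poisons the header instead of freeing it, so the stale read is deterministic and well defined.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>

#define POISON 0xdeadbeefu

/* Simplified stand-in for an ARC header; the fields are hypothetical. */
typedef struct hdr { uint32_t size; uint32_t refcnt; } hdr_t;

static pthread_mutex_t hash_lock = PTHREAD_MUTEX_INITIALIZER;

/* Models another thread destroying the header once it can take hash_lock.
 * Poisoning replaces free() so the demonstration stays defined behaviour. */
static void evict(hdr_t *h) {
    pthread_mutex_lock(&hash_lock);
    h->size = POISON;
    h->refcnt = POISON;
    pthread_mutex_unlock(&hash_lock);
}

/* Hook run in the window right after the lock is dropped. */
typedef void (*race_fn)(hdr_t *);

/* Buggy pattern: the header is dereferenced after hash_lock is released. */
static uint32_t release_unsafe(hdr_t *h, race_fn racer) {
    pthread_mutex_lock(&hash_lock);
    h->refcnt--;
    pthread_mutex_unlock(&hash_lock);
    if (racer) racer(h);      /* header may already be gone here */
    return h->size;           /* read outside the critical section */
}

/* Fixed pattern: copy everything needed while hash_lock is still held. */
static uint32_t release_safe(hdr_t *h, race_fn racer) {
    pthread_mutex_lock(&hash_lock);
    h->refcnt--;
    uint32_t size = h->size;  /* snapshot taken under the lock */
    pthread_mutex_unlock(&hash_lock);
    if (racer) racer(h);
    return size;              /* the header is never touched after unlock */
}

int main(void) {
    hdr_t a = {4096, 1}, b = {4096, 1};
    printf("unsafe: 0x%x\n", (unsigned)release_unsafe(&a, evict));
    printf("safe:   %u\n", (unsigned)release_safe(&b, evict));
    return 0;
}
```

Without the racing hook both functions return the same value, which is why this kind of defect tends to surface only under load or with a memory debugger.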