mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2024-12-26 19:19:32 +03:00
8f2503e0af
A preallocated taskq_ent_t's tqent_flags must be checked prior to servicing the taskq_ent_t. Once a preallocated taskq entry is serviced, the ownership of the entry is handed back to the caller of taskq_dispatch, thus the entry's contents can potentially be mangled. In particular, this is a problem in the case where a preallocated taskq entry is serviced, and the caller clears it's tqent_flags field. Thus, when the function returns and task_done is called, it looks as though the entry is **not** a preallocated task (when in fact it **is** a preallocated task). In this situation, task_done will place the preallocated taskq_ent_t structure onto the taskq_t's free list. This is a **huge** mistake. If the taskq_ent_t is then freed by the caller of taskq_dispatch, the taskq_t's free list will hold a pointer to garbage data. Even worse, if nothing has over written the freed memory before the pointer is dereferenced, it may still look as though it points to a valid list_head belonging to a taskq_ent_t structure. Thus, the task entry's flags are now copied prior to servicing the task. This copy is then checked to see if it is a preallocated task, and determine if the entry needs to be passed down to the task_done function. Signed-off-by: Prakash Surya <surya1@llnl.gov> Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov> Closes #71 |
||
---|---|---|
.. | ||
.gitignore | ||
Makefile.in | ||
spl-atomic.c | ||
spl-condvar.c | ||
spl-cred.c | ||
spl-debug.c | ||
spl-err.c | ||
spl-generic.c | ||
spl-kmem.c | ||
spl-kobj.c | ||
spl-kstat.c | ||
spl-module.c | ||
spl-mutex.c | ||
spl-proc.c | ||
spl-rwlock.c | ||
spl-taskq.c | ||
spl-thread.c | ||
spl-time.c | ||
spl-tsd.c | ||
spl-vnode.c | ||
spl-xdr.c | ||
spl-zlib.c |