| commit | 1dc6036fc98bd355cdad303f3572aa7267471a57 | |
| author | Tomohiro Kusumi <tkusumi@netbsd.org> | |
| Tue, 20 Jun 2023 07:28:19 +0000 (20 00:28 -0700) | ||
| committer | Tomohiro Kusumi <tkusumi@netbsd.org> | |
| Tue, 20 Jun 2023 08:06:24 +0000 (20 01:06 -0700) | ||
| tree | 498a1e42e51cf613691f5d1747dc69e68f59317b | treesnapshot (tar.gz zip) |
| parent | ba024da80b160ff9468f2131c04195c0d2b8d637 | commitdiff |
usr.sbin/makefs/hammer2: Fix use-after-free caused by unmodified inode
Fix another bug only seen on OpenBSD.
Unlike regular makefs usage for image creation, ioctl commands don't
always modify all in-memory inodes. These unmodified inodes get freed
in makefs vflush() via hammer2_inode_drop() on unmount before PFS sync,
but they need to outlive chains.
Add per-PFS reclaim list to keep all inodes intact during unmount
process until PFS is ready to be freed.
Fix another bug only seen on OpenBSD.
Unlike regular makefs usage for image creation, ioctl commands don't
always modify all in-memory inodes. These unmodified inodes get freed
in makefs vflush() via hammer2_inode_drop() on unmount before PFS sync,
but they need to outlive chains.
Add per-PFS reclaim list to keep all inodes intact during unmount
process until PFS is ready to be freed.
| usr.sbin/makefs/hammer2/hammer2.h | diffblobblamehistory | |
| usr.sbin/makefs/hammer2/hammer2_inode.c | diffblobblamehistory | |
| usr.sbin/makefs/hammer2/hammer2_vfsops.c | diffblobblamehistory |