On Thu, Jun 21, 2012 at 19:53:03 +0400, Andrey V. Elsukov wrote: > On 21.06.2012 08:29, Kenneth D. Merry wrote: > > Fix a bug which causes a panic in daopen(). The panic is caused by > > a da(4) instance going away while GEOM is still probing it. > > > > In this case, the GEOM disk class instance has been created by > > disk_create(), and the taste of the disk is queued in the GEOM > > event queue. > > > > While that event is queued, the da(4) instance goes away. When the > > open call comes into the da(4) driver, it dereferences the freed > > (but non-NULL) peripheral pointer provided by GEOM, which results > > in a panic. > > I think this situation is very specific for the GEOM_DISK class, and > this callback will be less useful for other classes. > Does g_cancel_event() cannot help you prevent tasting? Calling g_cancel_event(), for instance from disk_gone(), would not completely close the race condition. It can't cancel an event that is already in progress, and it is possible for the peripheral to go away while the event is marked in progress but before the taste gets far enough into daopen() to acquire a reference to the peripheral. Ken -- Kenneth Merry ken_at_FreeBSD.ORGReceived on Thu Jun 21 2012 - 14:48:54 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:28 UTC