K 10
svn:author
V 7
asomers
K 8
svn:date
V 27
2016-05-10T16:49:50.241289Z
K 7
svn:log
V 952
MFC 297868

Fix rare double free in vdev_geom_attrchanged

sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c

Don't drop the g_topology_lock before freeing old_physpath. That opens up a race where one thread can call vdev_geom_attrchanged, set old_physpath, drop the g_topology_lock, then block trying to acquire the SCL_STATE lock. Then another thread can come into vdev_geom_attrchanged, set old_physpath to the same value, and proceed to free it. When the first thread resumes, it will free the same location.

It turns out that the SCL_STATE lock isn't needed. It was originally added by gibbs to protect vd->vdev_physpath while updating the same. However, the update process subsequently was switched to an atomic operation (a pointer swap). Now, there is no need for the SCL_STATE lock, and hence no need to drop the g_topology_lock.
END