zfs/module/spl
Prakash Surya 8f2503e0af Store copy of tqent_flags prior to servicing task
A preallocated taskq_ent_t's tqent_flags must be checked prior to
servicing the taskq_ent_t. Once a preallocated taskq entry is serviced,
the ownership of the entry is handed back to the caller of
taskq_dispatch, thus the entry's contents can potentially be mangled.

In particular, this is a problem in the case where a preallocated taskq
entry is serviced, and the caller clears it's tqent_flags field. Thus,
when the function returns and task_done is called, it looks as though
the entry is **not** a preallocated task (when in fact it **is** a
preallocated task).

In this situation, task_done will place the preallocated taskq_ent_t
structure onto the taskq_t's free list. This is a **huge** mistake. If
the taskq_ent_t is then freed by the caller of taskq_dispatch, the
taskq_t's free list will hold a pointer to garbage data. Even worse, if
nothing has over written the freed memory before the pointer is
dereferenced, it may still look as though it points to a valid list_head
belonging to a taskq_ent_t structure.

Thus, the task entry's flags are now copied prior to servicing the task.
This copy is then checked to see if it is a preallocated task, and
determine if the entry needs to be passed down to the task_done
function.

Signed-off-by: Prakash Surya <surya1@llnl.gov>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #71
2011-12-16 16:54:00 -08:00
..
.gitignore sun-misc-gitignore 2010-01-08 09:37:54 -08:00
Makefile.in Fix zlib compression 2011-02-25 16:56:22 -08:00
spl-atomic.c Linux 2.6.39 compat, DEFINE_SPINLOCK() 2011-04-20 12:01:11 -07:00
spl-condvar.c Block in cv_destroy() on all waiters 2011-02-04 14:09:08 -08:00
spl-cred.c Add crgetfsuid()/crgetfsgid() helpers 2011-03-22 12:18:44 -07:00
spl-debug.c Prepend spl_ to all init/fini functions 2011-11-11 09:18:28 -08:00
spl-err.c Prefix all SPL debug macros with 'S' 2010-07-20 13:30:40 -07:00
spl-generic.c Prepend spl_ to all init/fini functions 2011-11-11 09:18:28 -08:00
spl-kmem.c Linux 3.1 compat, shrink_*cache_memory 2011-11-09 19:36:30 -08:00
spl-kobj.c Remove VN_HOLD/VN_RELE/VOP_PUTPAGE 2011-01-12 11:38:05 -08:00
spl-kstat.c Prepend spl_ to all init/fini functions 2011-11-11 09:18:28 -08:00
spl-module.c Linux 2.6.39 compat, DEFINE_SPINLOCK() 2011-04-20 12:01:11 -07:00
spl-mutex.c Public Release Prep 2010-05-17 15:18:00 -07:00
spl-proc.c Prepend spl_ to all init/fini functions 2011-11-11 09:18:28 -08:00
spl-rwlock.c Public Release Prep 2010-05-17 15:18:00 -07:00
spl-taskq.c Store copy of tqent_flags prior to servicing task 2011-12-16 16:54:00 -08:00
spl-thread.c Add Thread Specific Data (TSD) Implementation 2010-12-07 10:02:32 -08:00
spl-time.c Minor 32-bit fix cast to hrtime_t before the mutliply. 2010-05-23 09:51:17 -07:00
spl-tsd.c Prepend spl_ to all init/fini functions 2011-11-11 09:18:28 -08:00
spl-vnode.c Linux 3.1 compat, kern_path_parent() 2011-11-09 16:51:25 -08:00
spl-xdr.c Prefix all SPL debug macros with 'S' 2010-07-20 13:30:40 -07:00
spl-zlib.c Prepend spl_ to all init/fini functions 2011-11-11 09:18:28 -08:00