From owner-svn-src-all@FreeBSD.ORG Fri Dec 27 17:09:59 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E7A0782E; Fri, 27 Dec 2013 17:09:59 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id D3AAD1F1B; Fri, 27 Dec 2013 17:09:59 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id rBRH9xWg028398; Fri, 27 Dec 2013 17:09:59 GMT (envelope-from kib@svn.freebsd.org) Received: (from kib@localhost) by svn.freebsd.org (8.14.7/8.14.7/Submit) id rBRH9xoU028397; Fri, 27 Dec 2013 17:09:59 GMT (envelope-from kib@svn.freebsd.org) Message-Id: <201312271709.rBRH9xoU028397@svn.freebsd.org> From: Konstantin Belousov Date: Fri, 27 Dec 2013 17:09:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r259953 - head/sys/kern X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Dec 2013 17:10:00 -0000 Author: kib Date: Fri Dec 27 17:09:59 2013 New Revision: 259953 URL: http://svnweb.freebsd.org/changeset/base/259953 Log: Fix accounting for the negative cache entries when reusing v_cache_dd. Having ncneg diverge with the actual length of the ncneg tailq causes NULL dereference. Add assertion that an entry taken from ncneg queue is indeed negative. Reported by and discussed with: avg Sponsored by: The FreeBSD Foundation MFC after: 1 week Modified: head/sys/kern/vfs_cache.c Modified: head/sys/kern/vfs_cache.c ============================================================================== --- head/sys/kern/vfs_cache.c Fri Dec 27 17:04:51 2013 (r259952) +++ head/sys/kern/vfs_cache.c Fri Dec 27 17:09:59 2013 (r259953) @@ -748,16 +748,20 @@ cache_enter_time(dvp, vp, cnp, tsp, dtsp ncp->nc_flag & NCF_ISDOTDOT) { KASSERT(ncp->nc_dvp == dvp, ("wrong isdotdot parent")); - if (ncp->nc_vp != NULL) + if (ncp->nc_vp != NULL) { TAILQ_REMOVE(&ncp->nc_vp->v_cache_dst, ncp, nc_dst); - else + } else { TAILQ_REMOVE(&ncneg, ncp, nc_dst); - if (vp != NULL) + numneg--; + } + if (vp != NULL) { TAILQ_INSERT_HEAD(&vp->v_cache_dst, ncp, nc_dst); - else + } else { TAILQ_INSERT_TAIL(&ncneg, ncp, nc_dst); + numneg++; + } ncp->nc_vp = vp; CACHE_WUNLOCK(); return; @@ -893,6 +897,8 @@ cache_enter_time(dvp, vp, cnp, tsp, dtsp } if (numneg * ncnegfactor > numcache) { ncp = TAILQ_FIRST(&ncneg); + KASSERT(ncp->nc_vp == NULL, ("ncp %p vp %p on ncneg", + ncp, ncp->nc_vp)); zap = 1; } if (hold)