Date:      Mon, 15 Dec 2014 11:00:57 +0000 (UTC)
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r275797 - stable/10/sys/kern
Message-ID:  <201412151100.sBFB0vA3006869@svn.freebsd.org>

Author: kib
Date: Mon Dec 15 11:00:56 2014
New Revision: 275797
URL: https://svnweb.freebsd.org/changeset/base/275797

Log:
  MFC r275619:
  Check b_bufobj->bo_object for NULL and cache the value in a local
  variable to avoid a NULL dereference in getnewbuf_reuse_bp(). The vnode
  owning the buffer is not locked there.

Modified:
  stable/10/sys/kern/vfs_bio.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/kern/vfs_bio.c
==============================================================================
--- stable/10/sys/kern/vfs_bio.c	Mon Dec 15 10:58:02 2014	(r275796)
+++ stable/10/sys/kern/vfs_bio.c	Mon Dec 15 11:00:56 2014	(r275797)
@@ -1852,15 +1852,18 @@ out:
 static void
 vfs_vmio_release(struct buf *bp)
 {
-	int i;
+	vm_object_t obj;
 	vm_page_t m;
+	int i;
 
 	if ((bp->b_flags & B_UNMAPPED) == 0) {
 		BUF_CHECK_MAPPED(bp);
 		pmap_qremove(trunc_page((vm_offset_t)bp->b_data), bp->b_npages);
 	} else
 		BUF_CHECK_UNMAPPED(bp);
-	VM_OBJECT_WLOCK(bp->b_bufobj->bo_object);
+	obj = bp->b_bufobj->bo_object;
+	if (obj != NULL)
+		VM_OBJECT_WLOCK(obj);
 	for (i = 0; i < bp->b_npages; i++) {
 		m = bp->b_pages[i];
 		bp->b_pages[i] = NULL;
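Review bot: When obj is NULL, the `for` loop over bp->b_pages that follows the new `if (obj != NULL) VM_OBJECT_WLOCK(obj);` guard still runs, now without the object write lock, and nothing in the hunk says why that is safe. The loop body and the rest of vfs_vmio_release lie outside this hunk, so whether its page operations depend on that lock cannot be confirmed from here. I would add a comment at the assignment such as `/* The vnode is not locked, so bo_object may be NULL here; read it once so the lock and unlock below act on the same object. */` and state what is expected of the pages in the NULL case. The matching `if (obj != NULL) VM_OBJECT_WUNLOCK(obj);` in the second hunk relies on the same snapshot. The read of bo_object is a plain unsynchronized load, so it is also worth documenting what keeps the object alive between that read and the lock.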
@@ -1885,7 +1888,8 @@ vfs_vmio_release(struct buf *bp)
 			vm_page_try_to_cache(m);
 		vm_page_unlock(m);
 	}
-	VM_OBJECT_WUNLOCK(bp->b_bufobj->bo_object);
+	if (obj != NULL)
+		VM_OBJECT_WUNLOCK(obj);
 	
 	if (bp->b_bufsize) {
 		bufspacewakeup();


