Date:      Tue, 25 Jan 2011 14:04:02 +0000 (UTC)
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r217824 - head/sys/kern
Message-ID:  <201101251404.p0PE42Bs035631@svn.freebsd.org>

Author: kib
Date: Tue Jan 25 14:04:02 2011
New Revision: 217824
URL: http://svn.freebsd.org/changeset/base/217824

Log:
  When vtruncbuf() iterates over the vnode buffer list, lock the buffer object
  before checking the validity of the next buffer pointer. Otherwise, the
  buffer might be reclaimed after the check, causing the iteration to run into
  the wrong buffer.
  
  Reported and tested by:	pho
  MFC after:	1 week

Modified:
  head/sys/kern/vfs_subr.c

Modified: head/sys/kern/vfs_subr.c
==============================================================================
--- head/sys/kern/vfs_subr.c	Tue Jan 25 14:00:30 2011	(r217823)
+++ head/sys/kern/vfs_subr.c	Tue Jan 25 14:04:02 2011	(r217824)
@@ -1337,13 +1337,14 @@ restart:
 			brelse(bp);
 			anyfreed = 1;
 
+			BO_LOCK(bo);
 			if (nbp != NULL &&
 			    (((nbp->b_xflags & BX_VNCLEAN) == 0) ||
 			    (nbp->b_vp != vp) ||
 			    (nbp->b_flags & B_DELWRI))) {
+				BO_UNLOCK(bo);
 				goto restart;
 			}
-			BO_LOCK(bo);
 		}
 
 		TAILQ_FOREACH_SAFE(bp, &bo->bo_dirty.bv_hd, b_bobufs, nbp) {
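Review bot: The recheck of `nbp` after `brelse(bp)` has no comment saying it must run with the bo lock held, and that ordering is the whole fix, so a later cleanup could move `BO_LOCK(bo)` back below the check and reopen the race. I would add above the new `BO_LOCK(bo)` something like `/* Recheck nbp under the bo lock: the buffer may have been reclaimed while the lock was not held. */`. The same comment applies to the dirty-list loop in the second hunk (`@@ -1360,13 +1361,15 @@`). The check also appears to rely on `nbp` still pointing at a valid struct buf after reclamation; that is not visible here and is worth stating in the comment if it is an invariant. The loop bodies and the place where the lock is released lie outside both hunks.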
@@ -1360,13 +1361,15 @@ restart:
 			bp->b_flags &= ~B_ASYNC;
 			brelse(bp);
 			anyfreed = 1;
+
+			BO_LOCK(bo);
 			if (nbp != NULL &&
 			    (((nbp->b_xflags & BX_VNDIRTY) == 0) ||
 			    (nbp->b_vp != vp) ||
 			    (nbp->b_flags & B_DELWRI) == 0)) {
+				BO_UNLOCK(bo);
 				goto restart;
 			}
-			BO_LOCK(bo);
 		}
 	}
 


