Date:      Thu, 16 Jun 2005 23:49:27 -0700
From:      "David O'Brien" <obrien@FreeBSD.org>
To:        Jeff Roberson <jeff@FreeBSD.org>
Cc:        cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/kern vfs_cache.c
Message-ID:  <20050617064927.GA948@dragon.NUXI.org>
In-Reply-To: <200506170105.j5H15EhR075282@repoman.freebsd.org>
References:  <200506170105.j5H15EhR075282@repoman.freebsd.org>

On Fri, Jun 17, 2005 at 01:05:13AM +0000, Jeff Roberson wrote:
>   Log:
>    - Fix a leaked reference to a vnode via v_dd.  We rely on cache_purge() and
>      cache_zap() to clear the v_dd pointers when a directory vnode is forcibly
>      discarded.  For this to work, all vnodes with v_dd pointers to a directory
>      must also have name cache entries linked via v_cache_dst to that dvp
>      otherwise we could not find them at cache_purge() time.  The following
>      code snippet could break this guarantee by unlinking a directory before
>      fetching its dotdot.  The dotdot lookup would initialize the v_dd field
>      of the unlinked directory which could never be cleared.  To fix this
>      we don't initialize v_dd for orphaned vnodes.
>           printf("rmdir: %d\n", rmdir("../foo")); /* foo is cwd */
>           printf("chdir: %d\n", chdir(".."));
>           printf("%s\n", getwd(NULL));
>
>   Discovered by:  kkenn

Isn't this the same bug Peter discovered back in April at USENIX (via
Kmail)?  I thought this bug was fixed.
   
-- 
-- David  (obrien@FreeBSD.org)
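
The invariant from the quoted commit log, replayed in a user-space toy model (an added example, not FreeBSD kernel code and not part of the original message). The structures, the flat entry table, every `model_*` function, `stale_v_dd_after_discard()` and the `fixed` flag are assumptions made for illustration; only the `v_dd` field and the purge and orphan behaviour come from the log.

```c
#include <stddef.h>

/* Toy model, not kernel code: one v_dd pointer per vnode, flat entry table. */
struct vnode { struct vnode *v_dd; };               /* cached ".." target */
struct namecache { struct vnode *nc_dvp, *nc_vp; int used; };
#define NCSIZE 8
static struct namecache nc[NCSIZE];

/* Normal name lookup: links vp under dvp and records the parent in v_dd. */
static void model_enter_name(struct vnode *dvp, struct vnode *vp) {
    for (int i = 0; i < NCSIZE; i++)
        if (!nc[i].used) { nc[i] = (struct namecache){dvp, vp, 1}; break; }
    vp->v_dd = dvp;
}

/* Does any entry still name vp? If not, vp is orphaned (assumed test). */
static int model_has_entry(const struct vnode *vp) {
    for (int i = 0; i < NCSIZE; i++)
        if (nc[i].used && nc[i].nc_vp == vp) return 1;
    return 0;
}

/* ".." lookup from dvp: sets v_dd but creates no entry under the parent. */
static void model_enter_dotdot(struct vnode *dvp, struct vnode *parent, int fixed) {
    if (fixed && !model_has_entry(dvp)) return;      /* orphan: skip v_dd */
    dvp->v_dd = parent;
}

/* Purge: v_dd pointers are only reachable through entries that mention vp. */
static void model_cache_purge(struct vnode *vp) {
    for (int i = 0; i < NCSIZE; i++) {
        if (!nc[i].used || (nc[i].nc_dvp != vp && nc[i].nc_vp != vp)) continue;
        if (nc[i].nc_vp->v_dd == nc[i].nc_dvp) nc[i].nc_vp->v_dd = NULL;
        nc[i].used = 0;
    }
}

/* Replays the log's sequence; returns 1 if foo keeps a stale v_dd. */
int stale_v_dd_after_discard(int fixed) {
    struct vnode parent = {NULL}, foo = {NULL};
    for (int i = 0; i < NCSIZE; i++) nc[i].used = 0;
    model_enter_name(&parent, &foo);            /* "foo" looked up in parent */
    model_cache_purge(&foo);                    /* model of rmdir("../foo") */
    model_enter_dotdot(&foo, &parent, fixed);   /* ".." lookup from foo */
    model_cache_purge(&parent);                 /* parent forcibly discarded */
    return foo.v_dd == &parent;
}

/* Exit status 0 when the unfixed path leaks and the fixed path does not. */
int main(void) { return !(stale_v_dd_after_discard(0) && !stale_v_dd_after_discard(1)); }
```

In the unfixed run the second purge finds no entry linking `foo` to `parent`, so the pointer set by the dotdot lookup is never cleared.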


