svn commit: r217824 - head/sys/kern
Konstantin Belousov
kib at FreeBSD.org
Tue Jan 25 14:04:02 UTC 2011
Author: kib
Date: Tue Jan 25 14:04:02 2011
New Revision: 217824
URL: http://svn.freebsd.org/changeset/base/217824
Log:
When vtruncbuf() iterates over the vnode buffer list, lock buffer object
before checking the validity of the next buffer pointer. Otherwise, the
buffer might be reclaimed after the check, causing iteration to run into
wrong buffer.
Reported and tested by: pho
MFC after: 1 week
Modified:
head/sys/kern/vfs_subr.c
Modified: head/sys/kern/vfs_subr.c
==============================================================================
--- head/sys/kern/vfs_subr.c Tue Jan 25 14:00:30 2011 (r217823)
+++ head/sys/kern/vfs_subr.c Tue Jan 25 14:04:02 2011 (r217824)
@@ -1337,13 +1337,14 @@ restart:
brelse(bp);
anyfreed = 1;
+ BO_LOCK(bo);
if (nbp != NULL &&
(((nbp->b_xflags & BX_VNCLEAN) == 0) ||
(nbp->b_vp != vp) ||
(nbp->b_flags & B_DELWRI))) {
+ BO_UNLOCK(bo);
goto restart;
}
- BO_LOCK(bo);
}
TAILQ_FOREACH_SAFE(bp, &bo->bo_dirty.bv_hd, b_bobufs, nbp) {
@@ -1360,13 +1361,15 @@ restart:
bp->b_flags &= ~B_ASYNC;
brelse(bp);
anyfreed = 1;
+
+ BO_LOCK(bo);
if (nbp != NULL &&
(((nbp->b_xflags & BX_VNDIRTY) == 0) ||
(nbp->b_vp != vp) ||
(nbp->b_flags & B_DELWRI) == 0)) {
+ BO_UNLOCK(bo);
goto restart;
}
- BO_LOCK(bo);
}
}
More information about the svn-src-all
mailing list