git: f09db311a9fb - stable/13 - cluster_write(): do not access buffer after it is released

Konstantin Belousov kib at FreeBSD.org
Thu Sep 9 01:22:11 UTC 2021 

The branch stable/13 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=f09db311a9fb52ca74810866dbdf95b79cdd4ca9

commit f09db311a9fb52ca74810866dbdf95b79cdd4ca9
Author:     Konstantin Belousov <kib at FreeBSD.org>
AuthorDate: 2021-09-02 04:04:23 +0000
Commit:     Konstantin Belousov <kib at FreeBSD.org>
CommitDate: 2021-09-09 01:21:44 +0000

    cluster_write(): do not access buffer after it is released
    
    (cherry picked from commit 5cc82c563eda97b70120f06e9635ab6c1c24fecd)
---
 sys/kern/vfs_cluster.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/sys/kern/vfs_cluster.c b/sys/kern/vfs_cluster.c
index 60f22fd38764..c9af1282fd11 100644
--- a/sys/kern/vfs_cluster.c
+++ b/sys/kern/vfs_cluster.c
@@ -646,7 +646,7 @@ void
 cluster_write(struct vnode *vp, struct buf *bp, u_quad_t filesize, int seqcount,
     int gbflags)
 {
-	daddr_t lbn;
+	daddr_t lbn, pbn;
 	int maxclen, cursize;
 	int lblocksize;
 	int async;
@@ -752,14 +752,16 @@ cluster_write(struct vnode *vp, struct buf *bp, u_quad_t filesize, int seqcount,
 		    (bp->b_blkno == bp->b_lblkno) &&
 		    (VOP_BMAP(vp, lbn, NULL, &bp->b_blkno, &maxclen, NULL) ||
 		     bp->b_blkno == -1)) {
+			pbn = bp->b_blkno;
 			bawrite(bp);
 			vp->v_clen = 0;
-			vp->v_lasta = bp->b_blkno;
+			vp->v_lasta = pbn;
 			vp->v_cstart = lbn + 1;
 			vp->v_lastw = lbn;
 			return;
 		}
 		vp->v_clen = maxclen;
+		pbn = bp->b_blkno;
 		if (!async && maxclen == 0) {	/* I/O not contiguous */
 			vp->v_cstart = lbn + 1;
 			bawrite(bp);
@@ -773,6 +775,7 @@ cluster_write(struct vnode *vp, struct buf *bp, u_quad_t filesize, int seqcount,
 		 * are operating sequentially, otherwise let the buf or
 		 * update daemon handle it.
 		 */
+		pbn = bp->b_blkno;
 		bdwrite(bp);
 		if (seqcount > 1) {
 			cluster_wbuild_wb(vp, lblocksize, vp->v_cstart,
@@ -784,15 +787,17 @@ cluster_write(struct vnode *vp, struct buf *bp, u_quad_t filesize, int seqcount,
 		/*
 		 * We are low on memory, get it going NOW
 		 */
+		pbn = bp->b_blkno;
 		bawrite(bp);
 	} else {
 		/*
 		 * In the middle of a cluster, so just delay the I/O for now.
 		 */
+		pbn = bp->b_blkno;
 		bdwrite(bp);
 	}
 	vp->v_lastw = lbn;
-	vp->v_lasta = bp->b_blkno;
+	vp->v_lasta = pbn;
 }
 
 /*

More information about the dev-commits-src-all mailing list