git: fabbc3d879cc - main - softdep_flush(): do not access ump after we acked FLUSH_EXIT and unlocked SU lock
Konstantin Belousov
kib at FreeBSD.org
Fri Mar 12 11:32:27 UTC 2021
The branch main has been updated by kib:
URL: https://cgit.FreeBSD.org/src/commit/?id=fabbc3d879cce5c37df25707107a0fcb64267346
commit fabbc3d879cce5c37df25707107a0fcb64267346
Author: Konstantin Belousov <kib at FreeBSD.org>
AuthorDate: 2021-02-28 22:45:04 +0000
Commit: Konstantin Belousov <kib at FreeBSD.org>
CommitDate: 2021-03-12 11:31:08 +0000
softdep_flush(): do not access ump after we acked FLUSH_EXIT and unlocked SU lock
otherwise we might follow a pointer in the freed memory.
Reviewed by: mckusick
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D29178
---
sys/ufs/ffs/ffs_softdep.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/sys/ufs/ffs/ffs_softdep.c b/sys/ufs/ffs/ffs_softdep.c
index af5b9f57b328..4e20652973b4 100644
--- a/sys/ufs/ffs/ffs_softdep.c
+++ b/sys/ufs/ffs/ffs_softdep.c
@@ -1569,6 +1569,7 @@ softdep_flush(addr)
struct mount *mp;
struct thread *td;
struct ufsmount *ump;
+ int cleanups;
td = curthread;
td->td_pflags |= TDP_NORUNNINGBUF;
@@ -1603,10 +1604,14 @@ softdep_flush(addr)
continue;
}
ump->softdep_flags &= ~FLUSH_EXIT;
+ cleanups = ump->um_softdep->sd_cleanups;
FREE_LOCK(ump);
wakeup(&ump->softdep_flags);
- if (print_threads)
- printf("Stop thread %s: searchfailed %d, did cleanups %d\n", td->td_name, searchfailed, ump->um_softdep->sd_cleanups);
+ if (print_threads) {
+ printf("Stop thread %s: searchfailed %d, "
+ "did cleanups %d\n",
+ td->td_name, searchfailed, cleanups);
+ }
atomic_subtract_int(&stat_flush_threads, 1);
kthread_exit();
panic("kthread_exit failed\n");
More information about the dev-commits-src-main
mailing list