svn commit: r203818 - head/sys/ufs/ffs
Konstantin Belousov
kib at FreeBSD.org
Sat Feb 13 10:34:51 UTC 2010
Author: kib
Date: Sat Feb 13 10:34:50 2010
New Revision: 203818
URL: http://svn.freebsd.org/changeset/base/203818
Log:
When ffs_realloccg() failed to allocate bigger fragment and, because
pending blocks are scheduled for removal, goes to retry the (re)allocation,
clear the bp pointer. It might happen that meantime free space is really
exhausted and we are entering nospace: label without bread()ing buffer,
causing stale bp value to be brelse()d again.
Tested by: pho
(Producing a scenario to reliably reproduce the
race appeared to be much harder then fixing the bug)
MFC after: 1 week
Modified:
head/sys/ufs/ffs/ffs_alloc.c
Modified: head/sys/ufs/ffs/ffs_alloc.c
==============================================================================
--- head/sys/ufs/ffs/ffs_alloc.c Sat Feb 13 10:26:00 2010 (r203817)
+++ head/sys/ufs/ffs/ffs_alloc.c Sat Feb 13 10:34:50 2010 (r203818)
@@ -432,8 +432,10 @@ nospace:
reclaimed = 1;
softdep_request_cleanup(fs, vp);
UFS_UNLOCK(ump);
- if (bp)
+ if (bp) {
brelse(bp);
+ bp = NULL;
+ }
UFS_LOCK(ump);
goto retry;
}
More information about the svn-src-all
mailing list