svn commit: r251151 - head/sys/vm
Konstantin Belousov
kib at FreeBSD.org
Thu May 30 20:00:20 UTC 2013
Author: kib
Date: Thu May 30 20:00:19 2013
New Revision: 251151
URL: http://svnweb.freebsd.org/changeset/base/251151
Log:
After the object lock was dropped, the object' reference count could
change. Retest the ref_count and return from the function to not
execute the further code which assumes that ref_count == 1 if it is
not. Also, do not leak vnode lock if other thread cleared OBJ_TMPFS
flag meantime.
Reported by: bdrewery
Tested by: bdrewery, pho
Sponsored by: The FreeBSD Foundation
Modified:
head/sys/vm/vm_object.c
Modified: head/sys/vm/vm_object.c
==============================================================================
--- head/sys/vm/vm_object.c Thu May 30 19:53:31 2013 (r251150)
+++ head/sys/vm/vm_object.c Thu May 30 20:00:19 2013 (r251151)
@@ -536,15 +536,15 @@ vm_object_deallocate(vm_object_t object)
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
vdrop(vp);
VM_OBJECT_WLOCK(object);
- if (object->type == OBJT_DEAD) {
+ if (object->type == OBJT_DEAD ||
+ object->ref_count != 1) {
VM_OBJECT_WUNLOCK(object);
VOP_UNLOCK(vp, 0);
return;
- } else if ((object->flags & OBJ_TMPFS) != 0) {
- if (object->ref_count == 1)
- VOP_UNSET_TEXT(vp);
- VOP_UNLOCK(vp, 0);
}
+ if ((object->flags & OBJ_TMPFS) != 0)
+ VOP_UNSET_TEXT(vp);
+ VOP_UNLOCK(vp, 0);
}
if (object->shadow_count == 0 &&
object->handle == NULL &&
More information about the svn-src-all
mailing list