From owner-svn-src-all@FreeBSD.ORG Tue Jun 23 10:55:21 2009 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EFE73106566C; Tue, 23 Jun 2009 10:55:21 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id DCF4E8FC1E; Tue, 23 Jun 2009 10:55:21 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n5NAtL91073971; Tue, 23 Jun 2009 10:55:21 GMT (envelope-from kib@svn.freebsd.org) Received: (from kib@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n5NAtLZo073968; Tue, 23 Jun 2009 10:55:21 GMT (envelope-from kib@svn.freebsd.org) Message-Id: <200906231055.n5NAtLZo073968@svn.freebsd.org> From: Konstantin Belousov Date: Tue, 23 Jun 2009 10:55:21 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r194695 - in stable/7/sys: . contrib/pf kern sys X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Jun 2009 10:55:22 -0000 Author: kib Date: Tue Jun 23 10:55:21 2009 New Revision: 194695 URL: http://svn.freebsd.org/changeset/base/194695 Log: MFC r192685: The advisory lock may be activated or activated and removed during the sleep waiting for conditions when the lock may be granted. To prevent lf_setlock() from accessing possibly freed memory, add reference counting to the struct lockf_entry. Bump refcount around the sleep. Make lf_free_lock() return non-zero when structure was freed, and use this after the sleep to return EINTR to the caller. The error code might need a clarification, but we cannot return success to usermode, since the lock is not owned anymore. Modified: stable/7/sys/ (props changed) stable/7/sys/contrib/pf/ (props changed) stable/7/sys/kern/kern_lockf.c stable/7/sys/sys/lockf.h Modified: stable/7/sys/kern/kern_lockf.c ============================================================================== --- stable/7/sys/kern/kern_lockf.c Tue Jun 23 10:49:55 2009 (r194694) +++ stable/7/sys/kern/kern_lockf.c Tue Jun 23 10:55:21 2009 (r194695) @@ -106,7 +106,7 @@ static int lf_owner_matches(struct lock int); static struct lockf_entry * lf_alloc_lock(struct lock_owner *); -static void lf_free_lock(struct lockf_entry *); +static int lf_free_lock(struct lockf_entry *); static int lf_clearlock(struct lockf *, struct lockf_entry *); static int lf_overlaps(struct lockf_entry *, struct lockf_entry *); static int lf_blocks(struct lockf_entry *, struct lockf_entry *); @@ -347,9 +347,13 @@ lf_alloc_lock(struct lock_owner *lo) return (lf); } -static void +static int lf_free_lock(struct lockf_entry *lock) { + + KASSERT(lock->lf_refs > 0, ("lockf_entry negative ref count %p", lock)); + if (--lock->lf_refs > 0) + return (0); /* * Adjust the lock_owner reference count and * reclaim the entry if this is the last lock @@ -394,6 +398,7 @@ lf_free_lock(struct lockf_entry *lock) printf("Freed lock %p\n", lock); #endif free(lock, M_LOCKF); + return (1); } /* @@ -540,6 +545,7 @@ lf_advlockasync(struct vop_advlockasync_ * the lf_lock_owners_lock tax twice. */ lock = lf_alloc_lock(NULL); + lock->lf_refs = 1; lock->lf_start = start; lock->lf_end = end; lock->lf_owner = lo; @@ -1450,7 +1456,13 @@ lf_setlock(struct lockf *state, struct l goto out; } + lock->lf_refs++; error = sx_sleep(lock, &state->ls_lock, priority, lockstr, 0); + if (lf_free_lock(lock)) { + error = EINTR; + goto out; + } + /* * We may have been awakened by a signal and/or by a * debugger continuing us (in which cases we must @@ -1812,6 +1824,7 @@ lf_split(struct lockf *state, struct loc */ splitlock = lf_alloc_lock(lock1->lf_owner); memcpy(splitlock, lock1, sizeof *splitlock); + splitlock->lf_refs = 1; if (splitlock->lf_flags & F_REMOTE) vref(splitlock->lf_vnode); Modified: stable/7/sys/sys/lockf.h ============================================================================== --- stable/7/sys/sys/lockf.h Tue Jun 23 10:49:55 2009 (r194694) +++ stable/7/sys/sys/lockf.h Tue Jun 23 10:55:21 2009 (r194695) @@ -80,6 +80,7 @@ struct lockf_entry { LIST_ENTRY(lockf_entry) lf_link; /* (s) Linkage for lock lists */ struct lockf_edge_list lf_outedges; /* (s) list of out-edges */ struct lockf_edge_list lf_inedges; /* (s) list of out-edges */ + int lf_refs; /* (s) ref count */ }; LIST_HEAD(lockf_entry_list, lockf_entry);