Date: Sat, 13 Feb 2010 10:34:50 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r203818 - head/sys/ufs/ffs Message-ID: <201002131034.o1DAYoCc053656@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Sat Feb 13 10:34:50 2010 New Revision: 203818 URL: http://svn.freebsd.org/changeset/base/203818 Log: When ffs_realloccg() failed to allocate bigger fragment and, because pending blocks are scheduled for removal, goes to retry the (re)allocation, clear the bp pointer. It might happen that meantime free space is really exhausted and we are entering nospace: label without bread()ing buffer, causing stale bp value to be brelse()d again. Tested by: pho (Producing a scenario to reliably reproduce the race appeared to be much harder then fixing the bug) MFC after: 1 week Modified: head/sys/ufs/ffs/ffs_alloc.c Modified: head/sys/ufs/ffs/ffs_alloc.c ============================================================================== --- head/sys/ufs/ffs/ffs_alloc.c Sat Feb 13 10:26:00 2010 (r203817) +++ head/sys/ufs/ffs/ffs_alloc.c Sat Feb 13 10:34:50 2010 (r203818) @@ -432,8 +432,10 @@ nospace: reclaimed = 1; softdep_request_cleanup(fs, vp); UFS_UNLOCK(ump); - if (bp) + if (bp) { brelse(bp); + bp = NULL; + } UFS_LOCK(ump); goto retry; }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201002131034.o1DAYoCc053656>