Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 17 Jan 2010 21:26:15 +0000 (UTC)
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r202529 - head/sys/vm
Message-ID:  <201001172126.o0HLQFkQ050252@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: kib
Date: Sun Jan 17 21:26:14 2010
New Revision: 202529
URL: http://svn.freebsd.org/changeset/base/202529

Log:
  When a vnode-backed vm object is referenced, it increments the vnode
  reference count, and decrements it on dereference. If referenced object
  is deallocated, object type is reset to OBJT_DEAD. Consequently, all
  vnode references that are owned by object references are never released.
  vunref() the vnode in vm object deallocation code for OBJT_VNODE
  appropriate number of times to prevent leak.
  
  Add an assertion to the vm_pageout() to make sure that we never get
  reference on the vnode but then do not execute code to release it.
  
  In collaboration with:	pho
  Reviewed by:	alc
  MFC after:	3 weeks

Modified:
  head/sys/vm/vm_pageout.c
  head/sys/vm/vnode_pager.c

Modified: head/sys/vm/vm_pageout.c
==============================================================================
--- head/sys/vm/vm_pageout.c	Sun Jan 17 21:24:27 2010	(r202528)
+++ head/sys/vm/vm_pageout.c	Sun Jan 17 21:26:14 2010	(r202529)
@@ -951,6 +951,8 @@ rescan0:
 						vnodes_skipped++;
 					goto unlock_and_continue;
 				}
+				KASSERT(mp != NULL,
+				    ("vp %p with NULL v_mount", vp));
 				vm_page_unlock_queues();
 				vm_object_reference_locked(object);
 				VM_OBJECT_UNLOCK(object);

Modified: head/sys/vm/vnode_pager.c
==============================================================================
--- head/sys/vm/vnode_pager.c	Sun Jan 17 21:24:27 2010	(r202528)
+++ head/sys/vm/vnode_pager.c	Sun Jan 17 21:26:14 2010	(r202529)
@@ -250,13 +250,16 @@ static void
 vnode_pager_dealloc(object)
 	vm_object_t object;
 {
-	struct vnode *vp = object->handle;
+	struct vnode *vp;
+	int refs;
 
+	vp = object->handle;
 	if (vp == NULL)
 		panic("vnode_pager_dealloc: pager already dealloced");
 
 	VM_OBJECT_LOCK_ASSERT(object, MA_OWNED);
 	vm_object_pip_wait(object, "vnpdea");
+	refs = object->ref_count;
 
 	object->handle = NULL;
 	object->type = OBJT_DEAD;
@@ -267,6 +270,8 @@ vnode_pager_dealloc(object)
 	ASSERT_VOP_ELOCKED(vp, "vnode_pager_dealloc");
 	vp->v_object = NULL;
 	vp->v_vflag &= ~VV_TEXT;
+	while (refs-- > 0)
+		vunref(vp);
 }
 
 static boolean_t

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201001172126.o0HLQFkQ050252>