Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 3 Apr 1997 07:30:04 -0800 (PST)
From:      Tor Egge <Tor.Egge@idi.ntnu.no>
To:        freebsd-bugs
Subject:   Re: kern/3184: vnodes are used after they are freed.
Message-ID:  <199704031530.HAA27623@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

The following reply was made to PR kern/3184; it has been noted by GNATS.

From: Tor Egge <Tor.Egge@idi.ntnu.no>
To: FreeBSD-gnats-submit@freebsd.org
Cc:  Subject: Re: kern/3184: vnodes are used after they are freed.
Date: Thu, 03 Apr 1997 17:21:56 +0200

 I wrote:
 > >Fix:
 > 
 > Insert the vnode onto the freelist AFTER having called VOP_INACTIVE.
 >
 > Untested (but compileable) diff:
 	
 A magic number was needed to avoid instant crashes.
 
 Index: vfs_subr.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/kern/vfs_subr.c,v
 retrieving revision 1.81
 diff -c -r1.81 vfs_subr.c
 *** vfs_subr.c	1997/04/01 13:05:34	1.81
 --- vfs_subr.c	1997/04/03 16:31:00
 ***************
 *** 1049,1066 ****
   #endif
   		panic("vputrele: negative ref cnt");
   	}
 ! 	simple_lock(&vnode_free_list_slock);
 ! 	if (vp->v_flag & VAGE) {
 ! 		vp->v_flag &= ~VAGE;
 ! 		vp->v_usage = 0;
 ! 		if(vp->v_tag != VT_TFS)
 ! 			TAILQ_INSERT_HEAD(&vnode_free_list, vp, v_freelist);
 ! 	} else {
 ! 		if(vp->v_tag != VT_TFS)
 ! 			TAILQ_INSERT_TAIL(&vnode_free_list, vp, v_freelist);
 ! 	}
 ! 	freevnodes++;
 ! 	simple_unlock(&vnode_free_list_slock);
   
   	/*
   	 * If we are doing a vput, the node is already locked, and we must
 --- 1049,1056 ----
   #endif
   		panic("vputrele: negative ref cnt");
   	}
 ! 	/* see comment on why 0xdeadb is set at end of vgone (below) */
 ! 	vp->v_freelist.tqe_prev = (struct vnode **) 0xdeadb;
   
   	/*
   	 * If we are doing a vput, the node is already locked, and we must
 ***************
 *** 1073,1078 ****
 --- 1063,1081 ----
   	} else if (vn_lock(vp, LK_EXCLUSIVE | LK_INTERLOCK, p) == 0) {
   		VOP_INACTIVE(vp, p);
   	}
 + 
 + 	simple_lock(&vnode_free_list_slock);
 + 	if (vp->v_flag & VAGE) {
 + 		vp->v_flag &= ~VAGE;
 + 		vp->v_usage = 0;
 + 		if(vp->v_tag != VT_TFS)
 + 			TAILQ_INSERT_HEAD(&vnode_free_list, vp, v_freelist);
 + 	} else {
 + 		if(vp->v_tag != VT_TFS)
 + 			TAILQ_INSERT_TAIL(&vnode_free_list, vp, v_freelist);
 + 	}
 + 	freevnodes++;
 + 	simple_unlock(&vnode_free_list_slock);
   }
   
   /*

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704031530.HAA27623>