Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 25 Jan 2011 14:04:02 +0000 (UTC)
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r217824 - head/sys/kern
Message-ID:  <201101251404.p0PE42Bs035631@svn.freebsd.org>
index | next in thread | raw e-mail 

Author: kib
Date: Tue Jan 25 14:04:02 2011
New Revision: 217824
URL: http://svn.freebsd.org/changeset/base/217824

Log:
  When vtruncbuf() iterates over the vnode buffer list, lock buffer object
  before checking the validity of the next buffer pointer. Otherwise, the
  buffer might be reclaimed after the check, causing iteration to run into
  wrong buffer.
  
  Reported and tested by:	pho
  MFC after:	1 week

Modified:
  head/sys/kern/vfs_subr.c

Modified: head/sys/kern/vfs_subr.c
==============================================================================
--- head/sys/kern/vfs_subr.c	Tue Jan 25 14:00:30 2011	(r217823)
+++ head/sys/kern/vfs_subr.c	Tue Jan 25 14:04:02 2011	(r217824)
@@ -1337,13 +1337,14 @@ restart:
 			brelse(bp);
 			anyfreed = 1;
 
+			BO_LOCK(bo);
 			if (nbp != NULL &&
 			    (((nbp->b_xflags & BX_VNCLEAN) == 0) ||
 			    (nbp->b_vp != vp) ||
 			    (nbp->b_flags & B_DELWRI))) {
+				BO_UNLOCK(bo);
 				goto restart;
 			}
-			BO_LOCK(bo);
 		}
 
 		TAILQ_FOREACH_SAFE(bp, &bo->bo_dirty.bv_hd, b_bobufs, nbp) {
@@ -1360,13 +1361,15 @@ restart:
 			bp->b_flags &= ~B_ASYNC;
 			brelse(bp);
 			anyfreed = 1;
+
+			BO_LOCK(bo);
 			if (nbp != NULL &&
 			    (((nbp->b_xflags & BX_VNDIRTY) == 0) ||
 			    (nbp->b_vp != vp) ||
 			    (nbp->b_flags & B_DELWRI) == 0)) {
+				BO_UNLOCK(bo);
 				goto restart;
 			}
-			BO_LOCK(bo);
 		}
 	}
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201101251404.p0PE42Bs035631>