Date: Thu, 16 Jun 2005 23:49:27 -0700
From: "David O'Brien" <obrien@FreeBSD.org>
To: Jeff Roberson <jeff@FreeBSD.org>
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern vfs_cache.c
Message-ID: <20050617064927.GA948@dragon.NUXI.org>
In-Reply-To: <200506170105.j5H15EhR075282@repoman.freebsd.org>
References: <200506170105.j5H15EhR075282@repoman.freebsd.org>

On Fri, Jun 17, 2005 at 01:05:13AM +0000, Jeff Roberson wrote:
> Log:
> - Fix a leaked reference to a vnode via v_dd. We rely on cache_purge() and
> cache_zap() to clear the v_dd pointers when a directory vnode is forcibly
> discarded. For this to work, all vnodes with v_dd pointers to a directory
> must also have name cache entries linked via v_cache_dst to that dvp
> otherwise we could not find them at cache_purge() time. The following
> code snippet could break this guarantee by unlinking a directory before
> fetching its dotdot. The dotdot lookup would initialize the v_dd field
> of the unlinked directory which could never be cleared. To fix this
> we don't initialize v_dd for orphaned vnodes.
> printf("rmdir: %d\n", rmdir("../foo")); /* foo is cwd */
> printf("chdir: %d\n", chdir(".."));
> printf("%s\n", getwd(NULL));
>
> Discovered by: kkenn

Isn't this the same bug Peter discovered back in April at USENIX (via Kmail)?
I thought this bug was fixed.

--
-- David (obrien@FreeBSD.org)
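
The invariant described in the quoted commit log, as an added toy model (not code from the original message or from FreeBSD's vfs_cache.c). The struct layout, the single entry table and the helper names `has_entry`, `enter_name`, `enter_dotdot`, `purge` and `stale_v_dd_after_purge` are assumptions made for illustration; only `v_dd` and `dvp` come from the log.

```c
/* Toy model only: names follow the commit log, not the real vfs_cache.c. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct vnode { struct vnode *v_dd; };        /* v_dd: cached parent directory */
struct ncentry { struct vnode *dvp, *vp; };  /* name cache entry: dvp contains vp */
#define NENT 4
static struct ncentry cache[NENT];

/* A vnode that no name cache entry leads to is treated as orphaned. */
static int has_entry(const struct vnode *vp) {
    for (int i = 0; i < NENT; i++)
        if (cache[i].vp == vp) return 1;
    return 0;
}
/* Normal lookup of a name in dvp: record the entry and the parent pointer. */
static void enter_name(struct vnode *dvp, struct vnode *vp) {
    for (int i = 0; i < NENT; i++)
        if (cache[i].vp == NULL) { cache[i].dvp = dvp; cache[i].vp = vp; break; }
    vp->v_dd = dvp;
}
/* ".." lookup from vp resolving to dvp; 'fixed' selects the post-commit rule. */
static void enter_dotdot(struct vnode *vp, struct vnode *dvp, int fixed) {
    if (fixed && !has_entry(vp)) return;     /* orphan: do not initialize v_dd */
    vp->v_dd = dvp;
}
/* Drop entries touching vp; v_dd is cleared only for children found via an entry. */
static void purge(struct vnode *vp) {
    for (int i = 0; i < NENT; i++) {
        if (cache[i].dvp == vp && cache[i].vp) cache[i].vp->v_dd = NULL;
        if (cache[i].dvp == vp || cache[i].vp == vp) memset(&cache[i], 0, sizeof cache[i]);
    }
    vp->v_dd = NULL;
}
/* Replays the sequence from the log; returns 1 if foo keeps a stale v_dd. */
int stale_v_dd_after_purge(int fixed) {
    struct vnode parent = {0}, foo = {0};
    memset(cache, 0, sizeof cache);
    enter_name(&parent, &foo);               /* foo is looked up and becomes cwd */
    purge(&foo);                             /* rmdir("../foo") unlinks it */
    enter_dotdot(&foo, &parent, fixed);      /* chdir("..") from the orphan */
    purge(&parent);                          /* parent is forcibly discarded */
    return foo.v_dd == &parent;              /* pointer the purge could not find */
}
int main(void) {
    printf("stale v_dd: before fix=%d, after fix=%d\n", stale_v_dd_after_purge(0), stale_v_dd_after_purge(1));
    return 0;
}
```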