diff options
| author | Konstantin Belousov <kib@FreeBSD.org> | 2014-12-08 16:42:34 +0000 |
|---|---|---|
| committer | Konstantin Belousov <kib@FreeBSD.org> | 2014-12-08 16:42:34 +0000 |
| commit | 904ed548bb9f163a07ac56ce47b8b14b43a42c70 (patch) | |
| tree | 52db55840d8f50b84b63536fb7879df7e583f001 /sys/sys/mount.h | |
| parent | f87c8878e6d8b0b8cfc898357be34644776894b7 (diff) | |
| download | src-904ed548bb9f163a07ac56ce47b8b14b43a42c70.tar.gz src-904ed548bb9f163a07ac56ce47b8b14b43a42c70.zip | |
When getnewbuf_reuse_bp() is called to reclaim some (clean) buffer,
the vnode owning the buffer is not locked. More, it cannot be locked
safely, since getnewbuf_reuse_bp() is called from newbuf(), and some
other vnode is already locked, for which reused buffer will be
reassigned.
As the consequence, reclamation of the owning vnode could go in
parallel, in particular, the call to vnode_destroy_vobject(), which
deallocates the vm object and zeroes the v_bufobj->bo_object. Note
that the pages wired by the buffer are left wired and can be safely
freed by the vfs_vmio_release() without the need for the vm object
lock. Also, seeing stale pointer to the v_object is safe due to vm
object type stability.
Check for bo_bufobj != NULL and cache the value in local variable to
avoid trying to lock NULL vm object.
Reported and tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Notes
Notes:
svn path=/head/; revision=275619
Diffstat (limited to 'sys/sys/mount.h')
0 files changed, 0 insertions, 0 deletions