PR/42205 CVS commit: src/sys/ufs/ufs

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,6bone%6bone.informatik.uni-leipzig.de@localhost
Subject: PR/42205 CVS commit: src/sys/ufs/ufs
From: Manuel Bouyer <bouyer%netbsd.org@localhost>
Date: Fri, 15 Jan 2010 19:50:05 +0000 (UTC)

The following reply was made to PR kern/42205; it has been noted by GNATS.

From: Manuel Bouyer <bouyer%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/42205 CVS commit: src/sys/ufs/ufs
Date: Fri, 15 Jan 2010 19:46:35 +0000

 Module Name:   src
 Committed By:  bouyer
 Date:          Fri Jan 15 19:46:35 UTC 2010

 Modified Files:
        src/sys/ufs/ufs: ufs_quota.c

 Log Message:
 vclean() actually sets v_tag to VT_NON but doesn't touch v_type.
 getcleanvnode() sets v_type to VNON after releasing v_interlock.
 So the thread doing quotaon(), quotaoff() or qsync() could vget()
 a vnode which is being recycled in getcleanvnode(), after is has
 been cleaned and v_interlock released, but before v_type has been
 reset, leading to KASSERT(vp->v_usecount == 1) firing in
 getnewvnode(), or qsync() dereferending a NULL pointer as in
 PR kern/42205.
 Fix by using the same tests as other ffs function traversing the mount
 list: also check for VTOI(vp) == NULL, and VI_XLOCK in addition
 to VI_CLEAN.

 To generate a diff of this commit:
 cvs rdiff -u -r1.64 -r1.65 src/sys/ufs/ufs/ufs_quota.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

Prev by Date: Re: toolchain/42470 (tools doesn't build on FreeBSD 7.2)
Next by Date: NetBSD Nightly Trouble Ticket Report
Previous by Thread: Re: toolchain/42470 (tools doesn't build on FreeBSD 7.2)
Next by Thread: port-amd64/42626: interrupt storm if booting with mulitple CPUs
Indexes:

Home | Main Index | Thread Index | Old Index