NetBSD-Bugs archive
PR/42205 CVS commit: [netbsd-5] src/sys/ufs/ufs
The following reply was made to PR kern/42205; it has been noted by GNATS.
From: Stephen Borrill <sborrill%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc:
Subject: PR/42205 CVS commit: [netbsd-5] src/sys/ufs/ufs
Date: Wed, 27 Jan 2010 21:26:45 +0000
Module Name: src
Committed By: sborrill
Date: Wed Jan 27 21:26:45 UTC 2010
Modified Files:
src/sys/ufs/ufs [netbsd-5]: ufs_quota.c
Log Message:
Pull up the following revision(s) (requested by bouyer in ticket #1252):
sys/ufs/ufs/ufs_quota.c: revision 1.65
vclean() actually sets v_tag to VT_NON but doesn't touch v_type.
getcleanvnode() sets v_type to VNON after releasing v_interlock.
So the thread doing quotaon(), quotaoff() or qsync() could vget()
a vnode which is being recycled in getcleanvnode(), after it has
been cleaned and v_interlock released, but before v_type has been
reset, leading to KASSERT(vp->v_usecount == 1) firing in
getnewvnode(), or qsync() dereferencing a NULL pointer as in
PR kern/42205.
Fix by using the same tests as other ffs functions traversing the mount
list: also check for VTOI(vp) == NULL, and VI_XLOCK in addition
to VI_CLEAN.
To generate a diff of this commit:
cvs rdiff -u -r1.60.10.3 -r1.60.10.4 src/sys/ufs/ufs/ufs_quota.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
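
A user-space C model of the mount-list skip test described in the log message above, added here as an illustration; it is not the code from ufs_quota.c. The structure layouts, the flag values, the `skip_old` predicate and the flag state of the in-window vnode are assumptions of this model.

```c
#include <stdio.h>

/* Constructed stand-ins; names follow the log message, values are illustrative. */
enum vtype { VNON, VREG };
#define VI_XLOCK 0x1u /* set while the vnode is being cleaned */
#define VI_CLEAN 0x2u /* vnode has been cleaned */
struct inode { int i_number; };
struct vnode { enum vtype v_type; unsigned v_iflag; void *v_data; };
#define VTOI(vp) ((struct inode *)(vp)->v_data)

/* Assumed shape of the pre-fix test: trusts v_type and VI_CLEAN only. */
static int skip_old(const struct vnode *vp)
{
    return vp->v_type == VNON || (vp->v_iflag & VI_CLEAN) != 0;
}

/* Test described in the log message. */
static int skip_fixed(const struct vnode *vp)
{
    return VTOI(vp) == NULL || (vp->v_iflag & (VI_XLOCK | VI_CLEAN)) != 0;
}

static struct inode sample_ino = { 42 };
/* Constructed mount list. Entry 2 models the window: cleaned, inode gone,
 * v_type not yet reset; its empty flag word is an assumption. */
static const struct vnode sample_list[] = {
    { VREG, 0,        &sample_ino }, /* live vnode */
    { VREG, VI_XLOCK, &sample_ino }, /* being cleaned */
    { VREG, 0,        NULL },        /* in the window */
    { VNON, VI_CLEAN, NULL },        /* fully recycled */
};

/* Count vnodes the traversal acts on although they are mid-clean or inode-less. */
static int unsafe_visits(int (*skip)(const struct vnode *))
{
    int bad = 0;
    for (size_t i = 0; i < sizeof(sample_list) / sizeof(sample_list[0]); i++) {
        const struct vnode *vp = &sample_list[i];
        if (!skip(vp) && (VTOI(vp) == NULL || (vp->v_iflag & VI_XLOCK) != 0))
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("old test: %d unsafe, fixed test: %d unsafe\n",
           unsafe_visits(skip_old), unsafe_visits(skip_fixed));
    return 0;
}
```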