Fix incorrect double-termination of vm_object. When a vm_object is

terminated and flushes pending dirty pages it is possible for the object to be ref'd (0->1) and then deref'd (1->0) during termination. We do not terminate the object a second time. Document vop_stdgetvobject() to explicitly allow it to be called without the vnode interlock held (for upcoming sync_msync() and ffs_sync() performance optimizations) MFC after: 3 days
2001-10-23 01:23:41 +00:00 · 2001-10-23 01:23:41 +00:00 · 4f467cb8c1
commit 4f467cb8c1
parent c72ccd014d
1 changed files with 12 additions and 1 deletions
--- a/sys/kern/vfs_default.c
+++ b/sys/kern/vfs_default.c
@ -590,8 +590,11 @@ vop_stddestroyvobject(ap)
 		 * removes the primary reference to the object,
 		 * the second time goes one further and is a
 		 * special-case to terminate the object.
+		 *
+		 * don't double-terminate the object
 		 */
-		vm_object_terminate(obj);
+		if ((obj->flags & OBJ_DEAD) == 0)
+			vm_object_terminate(obj);
 	} else {
 		/*
 		 * Woe to the process that tries to page now :-).
@ -601,6 +604,14 @@ vop_stddestroyvobject(ap)
 	return (0);
 }

+/*
+ * Return the underlying VM object.  This routine may be called with or
+ * without the vnode interlock held.  If called without, the returned
+ * object is not guarenteed to be valid.  The syncer typically gets the
+ * object without holding the interlock in order to quickly test whether
+ * it might be dirty before going heavy-weight.  vm_object's use zalloc
+ * and thus stable-storage, so this is safe.
+ */
 int
 vop_stdgetvobject(ap)
 	struct vop_getvobject_args /* {