From b9f180d1de901f5c29584f10d18798b02accbcb8 Mon Sep 17 00:00:00 2001 From: Konstantin Belousov Date: Sun, 17 Jan 2010 21:26:14 +0000 Subject: [PATCH] When a vnode-backed vm object is referenced, it increments the vnode reference count, and decrements it on dereference. If referenced object is deallocated, object type is reset to OBJT_DEAD. Consequently, all vnode references that are owned by object references are never released. vunref() the vnode in vm object deallocation code for OBJT_VNODE appropriate number of times to prevent leak. Add an assertion to the vm_pageout() to make sure that we never get reference on the vnode but then do not execute code to release it. In collaboration with: pho Reviewed by: alc MFC after: 3 weeks
---
 sys/vm/vm_pageout.c | 2 ++
 sys/vm/vnode_pager.c | 7 ++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/sys/vm/vm_pageout.c b/sys/vm/vm_pageout.c
index 19edce173ff3..723b14d2175a 100644
--- a/sys/vm/vm_pageout.c
+++ b/sys/vm/vm_pageout.c
@@ -951,6 +951,8 @@ rescan0:
 vnodes_skipped++;
 goto unlock_and_continue;
 }
+ KASSERT(mp != NULL,
+ ("vp %p with NULL v_mount", vp));
 vm_page_unlock_queues();
 vm_object_reference_locked(object);
 VM_OBJECT_UNLOCK(object);
diff --git a/sys/vm/vnode_pager.c b/sys/vm/vnode_pager.c
index faa6f37f831e..179afbf9a1ed 100644
--- a/sys/vm/vnode_pager.c
+++ b/sys/vm/vnode_pager.c
@@ -250,13 +250,16 @@ static void
 vnode_pager_dealloc(object)
 vm_object_t object;
 {
- struct vnode *vp = object->handle;
+ struct vnode *vp;
+ int refs;
+ vp = object->handle;
 if (vp == NULL) panic("vnode_pager_dealloc: pager already dealloced");
 VM_OBJECT_LOCK_ASSERT(object, MA_OWNED);
 vm_object_pip_wait(object, "vnpdea");
+ refs = object->ref_count;
 object->handle = NULL;
 object->type = OBJT_DEAD;
@@ -267,6 +270,8 @@ vnode_pager_dealloc(object)
 ASSERT_VOP_ELOCKED(vp, "vnode_pager_dealloc");
 vp->v_object = NULL;
 vp->v_vflag &= ~VV_TEXT;
+ while (refs-- > 0)
+ vunref(vp);
 }
 static boolean_t
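Review bot: The added `KASSERT(mp != NULL, ...)` in the `rescan0` hunk of sys/vm/vm_pageout.c is the only visible check between a NULL `mp` and the `vm_object_reference_locked(object)` call that follows it, and KASSERT is compiled in only for INVARIANTS kernels, so production builds take the reference unchecked. The commit message says the assertion exists so that a vnode reference is never taken without the release code running, but that release code lies outside the hunk and nothing at this site records the link; a comment such as `/* The release path later in this loop runs only when mp != NULL; a NULL mp here would leak the object and vnode references. */` would do it (confirm against the code past the hunk). The panic text says "NULL v_mount" while the tested variable is `mp`, so if `mp` is not `vp->v_mount` at this point the message will mislead whoever reads the panic.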
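Review bot: `refs = object->ref_count;` in vnode_pager_dealloc() and the loop `while (refs-- > 0) vunref(vp);` in the following hunk depend on an invariant that neither hunk states or checks: every object reference still counted at the snapshot owns exactly one vnode use reference. If the two counts ever differ, the loop either drops the vnode's use count too far, which would let the vnode be recycled while something still uses it, or leaves part of the leak the commit sets out to fix. I would add a comment at the snapshot, `/* Each remaining object reference holds a vnode use reference that is no longer dropped once the type is OBJT_DEAD; release them below. */`, and name there the lock that keeps `ref_count` stable between the snapshot and the loop, since the lines between the two hunks are not shown and only `VM_OBJECT_LOCK_ASSERT(object, MA_OWNED)` ahead of `vm_object_pip_wait()` is visible. `refs` is declared `int` and should match the declared type of `ref_count`, which this diff does not show.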