d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix accounting for the negative cache entries when reusing v_cache_dd.

Browse Source 
Having ncneg diverge with the actual length of the ncneg tailq causes
NULL dereference.

Add assertion that an entry taken from ncneg queue is indeed negative.

Reported by and discussed with:	avg
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
This commit is contained in:
Konstantin Belousov 2013-12-27 17:09:59 +00:00
parent e136eac224
commit fe20047039
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
sys/kern/vfs_cache.c
View File

@ -748,16 +748,20 @@ cache_enter_time(dvp, vp, cnp, tsp, dtsp)
ncp->nc_flag & NCF_ISDOTDOT) {
KASSERT(ncp->nc_dvp == dvp,
("wrong isdotdot parent"));
if (ncp->nc_vp != NULL)
if (ncp->nc_vp != NULL) {
TAILQ_REMOVE(&ncp->nc_vp->v_cache_dst,
ncp, nc_dst);
else
} else {
TAILQ_REMOVE(&ncneg, ncp, nc_dst);
if (vp != NULL)
numneg--;
}
if (vp != NULL) {
TAILQ_INSERT_HEAD(&vp->v_cache_dst,
ncp, nc_dst);
else
} else {
TAILQ_INSERT_TAIL(&ncneg, ncp, nc_dst);
numneg++;
}
ncp->nc_vp = vp;
CACHE_WUNLOCK();
return;
@ -893,6 +897,8 @@ cache_enter_time(dvp, vp, cnp, tsp, dtsp)
}
if (numneg * ncnegfactor > numcache) {
ncp = TAILQ_FIRST(&ncneg);
KASSERT(ncp->nc_vp == NULL, ("ncp %p vp %p on ncneg",
ncp, ncp->nc_vp));
zap = 1;
}
if (hold)