d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

When ffs_realloccg() failed to allocate bigger fragment and, because

Browse Source 
pending blocks are scheduled for removal, goes to retry the (re)allocation,
clear the bp pointer. It might happen that meantime free space is really
exhausted and we are entering nospace: label without bread()ing buffer,
causing stale bp value to be brelse()d again.

Tested by:	pho
    (Producing a scenario to reliably reproduce the
     race appeared to be much harder then fixing the bug)
MFC after:	1 week
This commit is contained in:
Konstantin Belousov 2010-02-13 10:34:50 +00:00
parent 384e3c00a0
commit 2950ff259c
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/ufs/ffs/ffs_alloc.c
View File

@ -432,8 +432,10 @@ nospace:
reclaimed = 1;
softdep_request_cleanup(fs, vp);
UFS_UNLOCK(ump);
if (bp)
if (bp) {
brelse(bp);
bp = NULL;
}
UFS_LOCK(ump);
goto retry;
}