From 5d2850ae03b3aae3b966028ceb9b1b04c7093197 Mon Sep 17 00:00:00 2001 From: snb Date: Thu, 25 Jun 2009 20:40:13 +0000 Subject: [PATCH] Fix a bug reported by pho@ where one can induce a panic by decreasing vfs.ufs.dirhash_maxmem below the current amount of memory used by dirhash. When ufsdirhash_build() is called with the memory in use greater than dirhash_maxmem, it attempts to free up memory by calling ufsdirhash_recycle(). If successful in freeing enough memory, ufsdirhash_recycle() leaves the dirhash list locked. But at this point in ufsdirhash_build(), the list is not explicitly unlocked after the call(s) to ufsdirhash_recycle(). When we next attempt to lock the dirhash list, we will get a "panic: _mtx_lock_sleep: recursed on non-recursive mutex dirhash list". Tested by: pho Approved by: dwmalone (mentor) MFC after: 3 weeks --- sys/ufs/ufs/ufs_dirhash.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sys/ufs/ufs/ufs_dirhash.c b/sys/ufs/ufs/ufs_dirhash.c index 7f801af10f9f..e18b8387e4cd 100644 --- a/sys/ufs/ufs/ufs_dirhash.c +++ b/sys/ufs/ufs/ufs_dirhash.c @@ -348,9 +348,12 @@ ufsdirhash_build(struct inode *ip) int dirblocks, i, j, memreqd, nblocks, narrays, nslots, slot; /* Take care of a decreased sysctl value. */ - while (ufs_dirhashmem > ufs_dirhashmaxmem) + while (ufs_dirhashmem > ufs_dirhashmaxmem) { if (ufsdirhash_recycle(0) != 0) return (-1); + /* Recycled enough memory, so unlock the list. */ + DIRHASHLIST_UNLOCK(); + } /* Check if we can/should use dirhash. */ if (ip->i_size < ufs_mindirhashsize || OFSFMT(ip->i_vnode) ||