Do not attempt to free NULL dinodes (i_din1 or i_din2) in ffs_ifree().
These fields can be left as NULL if ffs_vget() allocates an inode but fails before the dinode memory has been allocated. There are two cases when this can occur: when we lose a race and another process has added the inode to the hash, and when reading the inode off disk fails. The bug was observed by Kris on one of the package-building machines. See http://marc.theaimsgroup.com/?l=freebsd-current&m=105172731013411&w=2 In Kris's case, it was the bread() that failed because of a disk error. The alternative to this patch is to ensure that ffs_vget() does not call vput() when the inode that hasn't been properly initialised.
This commit is contained in:
tjr
parent
0b639b63af
commit
854348219c
@ -1540,9 +1540,9 @@ static void
|
||||
ffs_ifree(struct ufsmount *ump, struct inode *ip)
|
||||
{
|
||||
|
||||
if (ump->um_fstype == UFS1)
|
||||
if (ump->um_fstype == UFS1 && ip->i_din1 != NULL)
|
||||
uma_zfree(uma_ufs1, ip->i_din1);
|
||||
else
|
||||
else if (ip->i_din2 != NULL)
|
||||
uma_zfree(uma_ufs2, ip->i_din2);
|
||||
uma_zfree(uma_inode, ip);
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user