In rev. 1.514, iodone on async buffer may happen before code checks the

vnode v_flag. For cluster buffers this would result in dereferencing NULL b_vp. To prevent the panic, cache relevant vnode flag before calling bstrategy. Reported by: Peter Holm, kris Tested by: Peter Holm Reviewed by: tegge Pointy hat to: kib
2006-12-20 09:22:31 +00:00 · 2006-12-20 09:22:31 +00:00 · cc570216bb
commit cc570216bb
parent 6d3d33dd7a
1 changed files with 9 additions and 2 deletions
--- a/sys/kern/vfs_bio.c
+++ b/sys/kern/vfs_bio.c
@ -816,6 +816,8 @@ int
 bufwrite(struct buf *bp)
 {
 	int oldflags;
+	struct vnode *vp;
+	int vp_md;

 	CTR3(KTR_BUF, "bufwrite(%p) vp %p flags %X", bp, bp->b_vp, bp->b_flags);
 	if (bp->b_flags & B_INVAL) {
@ -834,6 +836,12 @@ bufwrite(struct buf *bp)
 	KASSERT(!(bp->b_vflags & BV_BKGRDINPROG),
 	    ("FFS background buffer should not get here %p", bp));

+	vp = bp->b_vp;
+	if (vp)
+		vp_md = vp->v_vflag & VV_MD;
+	else
+		vp_md = 0;
+
 	/* Mark the buffer clean */
 	bundirty(bp);

@ -871,8 +879,7 @@ bufwrite(struct buf *bp)
 		 * or syncer daemon trying to clean up as that can lead
 		 * to deadlock.
 		 */
-		if ((curthread->td_pflags & TDP_NORUNNINGBUF) == 0 &&
-		    (bp->b_vp->v_vflag & VV_MD) == 0)
+		if ((curthread->td_pflags & TDP_NORUNNINGBUF) == 0 && !vp_md)
 			waitrunningbufspace();
 	}