Do not vdrop() the tmpfs vnode until it is unlocked. The hold
reference might be the last, and then vdrop() would free the vnode. Reported and tested by: bdrewery MFC after: 1 week
This commit is contained in:
kib
parent
d734bed796
commit
e4111a6b71
@ -536,17 +536,18 @@ vm_object_deallocate(vm_object_t object)
|
||||
vhold(vp);
|
||||
VM_OBJECT_WUNLOCK(object);
|
||||
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
|
||||
vdrop(vp);
|
||||
VM_OBJECT_WLOCK(object);
|
||||
if (object->type == OBJT_DEAD ||
|
||||
object->ref_count != 1) {
|
||||
VM_OBJECT_WUNLOCK(object);
|
||||
VOP_UNLOCK(vp, 0);
|
||||
vdrop(vp);
|
||||
return;
|
||||
}
|
||||
if ((object->flags & OBJ_TMPFS) != 0)
|
||||
VOP_UNSET_TEXT(vp);
|
||||
VOP_UNLOCK(vp, 0);
|
||||
vdrop(vp);
|
||||
}
|
||||
if (object->shadow_count == 0 &&
|
||||
object->handle == NULL &&
|
||||
|
||||
Loading…
Reference in New Issue
Block a user