softdep_flush(): do not access ump after we acked FLUSH_EXIT and unlocked SU lock
otherwise we might follow a pointer in the freed memory. Reviewed by: mckusick Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D29178
This commit is contained in:
parent
7c7a6681fa
commit
fabbc3d879
@ -1569,6 +1569,7 @@ softdep_flush(addr)
|
||||
struct mount *mp;
|
||||
struct thread *td;
|
||||
struct ufsmount *ump;
|
||||
int cleanups;
|
||||
|
||||
td = curthread;
|
||||
td->td_pflags |= TDP_NORUNNINGBUF;
|
||||
@ -1603,10 +1604,14 @@ softdep_flush(addr)
|
||||
continue;
|
||||
}
|
||||
ump->softdep_flags &= ~FLUSH_EXIT;
|
||||
cleanups = ump->um_softdep->sd_cleanups;
|
||||
FREE_LOCK(ump);
|
||||
wakeup(&ump->softdep_flags);
|
||||
if (print_threads)
|
||||
printf("Stop thread %s: searchfailed %d, did cleanups %d\n", td->td_name, searchfailed, ump->um_softdep->sd_cleanups);
|
||||
if (print_threads) {
|
||||
printf("Stop thread %s: searchfailed %d, "
|
||||
"did cleanups %d\n",
|
||||
td->td_name, searchfailed, cleanups);
|
||||
}
|
||||
atomic_subtract_int(&stat_flush_threads, 1);
|
||||
kthread_exit();
|
||||
panic("kthread_exit failed\n");
|
||||
|
Loading…
Reference in New Issue
Block a user