Module Name: src
Committed By: bouyer
Date: Fri Jan 15 19:46:35 UTC 2010
Modified Files:
src/sys/ufs/ufs: ufs_quota.c
Log Message:
vclean() actually sets v_tag to VT_NON but doesn't touch v_type.
getcleanvnode() sets v_type to VNON after releasing v_interlock.
So the thread doing quotaon(), quotaoff() or qsync() could vget()
a vnode which is being recycled in getcleanvnode(), after is has
been cleaned and v_interlock released, but before v_type has been
reset, leading to KASSERT(vp->v_usecount == 1) firing in
getnewvnode(), or qsync() dereferending a NULL pointer as in
PR kern/42205.
Fix by using the same tests as other ffs function traversing the mount
list: also check for VTOI(vp) == NULL, and VI_XLOCK in addition
to VI_CLEAN.
To generate a diff of this commit:
cvs rdiff -u -r1.64 -r1.65 src/sys/ufs/ufs/ufs_quota.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
