Module Name:    src
Committed By:   sborrill
Date:           Wed Jan 27 21:26:45 UTC 2010

Modified Files:
        src/sys/ufs/ufs [netbsd-5]: ufs_quota.c

Log Message:
Pull up the following revision(s) (requested by bouyer in ticket #1252):
        sys/ufs/ufs/ufs_quota.c: revision 1.65
vclean() actually sets v_tag to VT_NON but doesn't touch v_type.
getcleanvnode() sets v_type to VNON after releasing v_interlock.
So the thread doing quotaon(), quotaoff() or qsync() could vget() a vnode
which is being recycled in getcleanvnode(), after it has been cleaned
and v_interlock released, but before v_type has been reset, leading to
KASSERT(vp->v_usecount == 1) firing in getnewvnode(), or qsync()
dereferencing a NULL pointer as in PR kern/42205.
Fix by using the same tests as other ffs functions traversing the mount list:
also check for VTOI(vp) == NULL, and VI_XLOCK in addition to VI_CLEAN.

To generate a diff of this commit:
cvs rdiff -u -r1.60.10.3 -r1.60.10.4 src/sys/ufs/ufs/ufs_quota.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.