Author: kib
Date: Sat Feb 13 10:34:50 2010
New Revision: 203818
URL: http://svn.freebsd.org/changeset/base/203818
Log:
When ffs_realloccg() failed to allocate bigger fragment and, because
pending blocks are scheduled for removal, goes to retry the (re)allocation,
clear the bp pointer. It might happen that meantime free space is really
exhausted and we are entering nospace: label without bread()ing buffer,
causing stale bp value to be brelse()d again.
Tested by: pho
(Producing a scenario to reliably reproduce the
race appeared to be much harder then fixing the bug)
MFC after: 1 week
Modified:
head/sys/ufs/ffs/ffs_alloc.c
Modified: head/sys/ufs/ffs/ffs_alloc.c
==============================================================================
--- head/sys/ufs/ffs/ffs_alloc.c Sat Feb 13 10:26:00 2010
(r203817)
+++ head/sys/ufs/ffs/ffs_alloc.c Sat Feb 13 10:34:50 2010
(r203818)
@@ -432,8 +432,10 @@ nospace:
reclaimed = 1;
softdep_request_cleanup(fs, vp);
UFS_UNLOCK(ump);
- if (bp)
+ if (bp) {
brelse(bp);
+ bp = NULL;
+ }
UFS_LOCK(ump);
goto retry;
}
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
