Source-Changes-HG archive


[src/trunk]: src/sys/ufs/ufs in ufsdirhash_free(), only examine dh->dh_onlist...



details:   https://anonhg.NetBSD.org/src/rev/c39c393f8865
branches:  trunk
changeset: 1008003:c39c393f8865
user:      chs <chs%NetBSD.org@localhost>
date:      Sun Mar 08 00:23:59 2020 +0000

description:
in ufsdirhash_free(), only examine dh->dh_onlist after taking the
dirhashlist lock.  if we skip the lock then we might see that
dh_onlist is zero while ufsdirhash_recycle() is still working on
the dirhash.  the symptom I saw was that ufsdirhash_free() would
try to destroy the dh_lock mutex while it was still held.

diffstat:

 sys/ufs/ufs/ufs_dirhash.c |  14 ++++++--------
 1 files changed, 6 insertions(+), 8 deletions(-)

diffs (35 lines):

diff -r ae9f5390f384 -r c39c393f8865 sys/ufs/ufs/ufs_dirhash.c
--- a/sys/ufs/ufs/ufs_dirhash.c Sun Mar 08 00:18:41 2020 +0000
+++ b/sys/ufs/ufs/ufs_dirhash.c Sun Mar 08 00:23:59 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ufs_dirhash.c,v 1.37 2014/12/20 00:28:05 christos Exp $        */
+/*     $NetBSD: ufs_dirhash.c,v 1.38 2020/03/08 00:23:59 chs Exp $     */
 
 /*
  * Copyright (c) 2001, 2002 Ian Dowse.  All rights reserved.
@@ -28,7 +28,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ufs_dirhash.c,v 1.37 2014/12/20 00:28:05 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ufs_dirhash.c,v 1.38 2020/03/08 00:23:59 chs Exp $");
 
 /*
  * This implements a hash-based lookup scheme for UFS directories.
@@ -285,12 +285,10 @@
 
        ip->i_dirhash = NULL;
 
-       if (dh->dh_onlist) {
-               DIRHASHLIST_LOCK();
-               if (dh->dh_onlist)
-                       TAILQ_REMOVE(&ufsdirhash_list, dh, dh_list);
-               DIRHASHLIST_UNLOCK();
-       }
+       DIRHASHLIST_LOCK();
+       if (dh->dh_onlist)
+               TAILQ_REMOVE(&ufsdirhash_list, dh, dh_list);
+       DIRHASHLIST_UNLOCK();
 
        /* The dirhash pointed to by 'dh' is exclusively ours now. */
        mem = sizeof(*dh);
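
Review bot: the now-unconditional DIRHASHLIST_LOCK() / DIRHASHLIST_UNLOCK() pair ahead of the "exclusively ours now" comment carries no explanation of why the list lock is taken even when dh_onlist is zero, so it reads like a missed fast path and the removed unlocked pre-check could easily be reintroduced as an optimization. Suggest a short comment above DIRHASHLIST_LOCK() stating that dh_onlist may only be read under the dirhashlist lock because ufsdirhash_recycle() can still be working on the dirhash after clearing it, and that the lock round-trip is what makes the "exclusively ours" statement below true. If a lock-ownership assertion is available for dh_lock, adding one after DIRHASHLIST_UNLOCK() would also turn the symptom described in the commit message into an immediate diagnostic rather than a failure at mutex destruction.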


