system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-09-06 17:18:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

softdep_flush(): do not access ump after we acked FLUSH_EXIT and unlocked SU lock

Browse source 
otherwise we might follow a pointer in the freed memory.

Reviewed by:	mckusick
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D29178
This commit is contained in:
Konstantin Belousov 2021-03-01 00:45:04 +02:00
parent 7c7a6681fa
commit fabbc3d879
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
sys/ufs/ffs/ffs_softdep.c
View file

@ -1569,6 +1569,7 @@ softdep_flush(addr)
struct mount *mp;
struct thread *td;
struct ufsmount *ump;
int cleanups;
td = curthread;
td->td_pflags |= TDP_NORUNNINGBUF;
@ -1603,10 +1604,14 @@ softdep_flush(addr)
continue;
}
ump->softdep_flags &= ~FLUSH_EXIT;
cleanups = ump->um_softdep->sd_cleanups;
FREE_LOCK(ump);
wakeup(&ump->softdep_flags);
if (print_threads)
printf("Stop thread %s: searchfailed %d, did cleanups %d\n", td->td_name, searchfailed, ump->um_softdep->sd_cleanups);
if (print_threads) {
printf("Stop thread %s: searchfailed %d, "
"did cleanups %d\n",
td->td_name, searchfailed, cleanups);
}
atomic_subtract_int(&stat_flush_threads, 1);
kthread_exit();
panic("kthread_exit failed\n");