diff options
| author | alc <alc@FreeBSD.org> | 2003-08-22 17:50:32 +0000 |
|---|---|---|
| committer | alc <alc@FreeBSD.org> | 2003-08-22 17:50:32 +0000 |
| commit | 62095d65632635f739e1e00541d28d6475864f3e (patch) | |
| tree | d4d8792089432d2605278d213b19865ac0d0225a /sys/fs/specfs | |
| parent | f62e7b4be7705785731764278b48512c7d2c8942 (diff) | |
| download | FreeBSD-src-62095d65632635f739e1e00541d28d6475864f3e.zip FreeBSD-src-62095d65632635f739e1e00541d28d6475864f3e.tar.gz | |
Use the requested page's object field instead of the vnode's. In some
cases, the vnode's object field is not initialized leading to a NULL
pointer dereference when the object is locked.
Tested by: rwatson
Diffstat (limited to 'sys/fs/specfs')
| -rw-r--r-- | sys/fs/specfs/spec_vnops.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sys/fs/specfs/spec_vnops.c b/sys/fs/specfs/spec_vnops.c index 9ce6c92..d947b9b 100644 --- a/sys/fs/specfs/spec_vnops.c +++ b/sys/fs/specfs/spec_vnops.c @@ -765,7 +765,10 @@ spec_getpages(ap) pmap_qremove(kva, pcount); gotreqpage = 0; - VM_OBJECT_LOCK(vp->v_object); + /* + * While the page is busy, its object field is immutable. + */ + VM_OBJECT_LOCK(ap->a_m[ap->a_reqpage]->object); vm_page_lock_queues(); for (i = 0, toff = 0; i < pcount; i++, toff = nextoff) { nextoff = toff + PAGE_SIZE; @@ -818,7 +821,7 @@ spec_getpages(ap) } } vm_page_unlock_queues(); - VM_OBJECT_UNLOCK(vp->v_object); + VM_OBJECT_UNLOCK(ap->a_m[ap->a_reqpage]->object); if (!gotreqpage) { m = ap->a_m[ap->a_reqpage]; printf( |
