When ffs_realloccg() failed to allocate bigger fragment and, because

pending blocks are scheduled for removal, goes to retry the (re)allocation, clear the bp pointer. It might happen that meantime free space is really exhausted and we are entering nospace: label without bread()ing buffer, causing stale bp value to be brelse()d again. Tested by: pho (Producing a scenario to reliably reproduce the race appeared to be much harder then fixing the bug) MFC after: 1 week
author: kib <kib@FreeBSD.org> 2010-02-13 10:34:50 +0000
committer: kib <kib@FreeBSD.org> 2010-02-13 10:34:50 +0000
commit: d0682225715434663f5bf23fc0d7dadc6cd4cce2 (patch)
tree: cf89c67b868d52c01e233f119dc6a45bb1ec374c /sys/ufs/ffs
parent: 1d28f9d43424f80d4911dbc9825e2a5b2db49b9a (diff)
download: FreeBSD-src-d0682225715434663f5bf23fc0d7dadc6cd4cce2.zip
FreeBSD-src-d0682225715434663f5bf23fc0d7dadc6cd4cce2.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/ufs/ffs/ffs_alloc.c b/sys/ufs/ffs/ffs_alloc.c
index 36952cc..7bf1177 100644
--- a/sys/ufs/ffs/ffs_alloc.c
+++ b/sys/ufs/ffs/ffs_alloc.c
@@ -432,8 +432,10 @@ nospace:
 		reclaimed = 1;
 		softdep_request_cleanup(fs, vp);
 		UFS_UNLOCK(ump);
-		if (bp)
+		if (bp) {
 			brelse(bp);
+			bp = NULL;
+		}
 		UFS_LOCK(ump);
 		goto retry;
 	}
author	kib <kib@FreeBSD.org>	2010-02-13 10:34:50 +0000
committer	kib <kib@FreeBSD.org>	2010-02-13 10:34:50 +0000
commit	d0682225715434663f5bf23fc0d7dadc6cd4cce2 (patch)
tree	cf89c67b868d52c01e233f119dc6a45bb1ec374c /sys/ufs/ffs
parent	1d28f9d43424f80d4911dbc9825e2a5b2db49b9a (diff)
download	FreeBSD-src-d0682225715434663f5bf23fc0d7dadc6cd4cce2.zip FreeBSD-src-d0682225715434663f5bf23fc0d7dadc6cd4cce2.tar.gz