author | tjr <tjr@FreeBSD.org> | 2003-05-01 06:41:59 +0000 |
---|---|---|
committer | tjr <tjr@FreeBSD.org> | 2003-05-01 06:41:59 +0000 |
commit | 854348219cbec2a43a8facd1a427afa41b75785f (patch) | |
tree | e56c1a64077a1cf2ab53cc660cb39b598c216195 /sys/ufs | |
parent | 0b639b63afb5753b00eef376d9e3619a64703c73 (diff) | |
Do not attempt to free NULL dinodes (i_din1 or i_din2) in ffs_ifree().
These fields can be left as NULL if ffs_vget() allocates an inode but
fails before the dinode memory has been allocated. There are two cases
when this can occur: when we lose a race and another process has added
the inode to the hash, and when reading the inode off disk fails.
The bug was observed by Kris on one of the package-building machines.
See http://marc.theaimsgroup.com/?l=freebsd-current&m=105172731013411&w=2
In Kris's case, it was the bread() that failed because of a disk error.
The alternative to this patch is to ensure that ffs_vget() does not call
vput() when the inode hasn't been properly initialised.
Diffstat (limited to 'sys/ufs')
-rw-r--r-- | sys/ufs/ffs/ffs_vfsops.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/ufs/ffs/ffs_vfsops.c b/sys/ufs/ffs/ffs_vfsops.c index 3c7b045..f92aa2f 100644 --- a/sys/ufs/ffs/ffs_vfsops.c +++ b/sys/ufs/ffs/ffs_vfsops.c @@ -1540,9 +1540,9 @@ static void ffs_ifree(struct ufsmount *ump, struct inode *ip) { - if (ump->um_fstype == UFS1) + if (ump->um_fstype == UFS1 && ip->i_din1 != NULL) uma_zfree(uma_ufs1, ip->i_din1); - else + else if (ip->i_din2 != NULL) uma_zfree(uma_ufs2, ip->i_din2); uma_zfree(uma_inode, ip); } |
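Review bot: In ffs_ifree(), folding the NULL test into the first condition changes what the else arm means: on a UFS1 mount with ip->i_din1 == NULL, control now reaches `else if (ip->i_din2 != NULL)` and would pass ip->i_din2 to uma_zfree(uma_ufs2, ...) if that pointer is non-NULL. That is safe only if i_din2 is guaranteed to be NULL whenever i_din1 is (for example because the two fields share storage), which these lines do not show. Nesting the NULL check inside the filesystem-type check, so that the UFS1 branch tests only i_din1 and the else branch tests only i_din2, keeps each zone paired with its own dinode type regardless of how the fields are laid out. A short comment in the function noting that the dinode can be NULL when ffs_vget() fails before allocating it would also spare the next reader a trip to the commit log.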