svn commit: r275797 - stable/10/sys/kern
Konstantin Belousov
kib at FreeBSD.org
Mon Dec 15 11:00:57 UTC 2014
Author: kib
Date: Mon Dec 15 11:00:56 2014
New Revision: 275797
URL: https://svnweb.freebsd.org/changeset/base/275797
Log:
MFC r275619:
Check for bo_bufobj->bo_object for NULL and cache the value in local
variable to avoid NULL dereference in getnewbuf_reuse_bp(). The vnode
owning the buffer is not locked there.
Modified:
stable/10/sys/kern/vfs_bio.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/kern/vfs_bio.c
==============================================================================
--- stable/10/sys/kern/vfs_bio.c Mon Dec 15 10:58:02 2014 (r275796)
+++ stable/10/sys/kern/vfs_bio.c Mon Dec 15 11:00:56 2014 (r275797)
@@ -1852,15 +1852,18 @@ out:
static void
vfs_vmio_release(struct buf *bp)
{
- int i;
+ vm_object_t obj;
vm_page_t m;
+ int i;
if ((bp->b_flags & B_UNMAPPED) == 0) {
BUF_CHECK_MAPPED(bp);
pmap_qremove(trunc_page((vm_offset_t)bp->b_data), bp->b_npages);
} else
BUF_CHECK_UNMAPPED(bp);
- VM_OBJECT_WLOCK(bp->b_bufobj->bo_object);
+ obj = bp->b_bufobj->bo_object;
+ if (obj != NULL)
+ VM_OBJECT_WLOCK(obj);
for (i = 0; i < bp->b_npages; i++) {
m = bp->b_pages[i];
bp->b_pages[i] = NULL;
@@ -1885,7 +1888,8 @@ vfs_vmio_release(struct buf *bp)
vm_page_try_to_cache(m);
vm_page_unlock(m);
}
- VM_OBJECT_WUNLOCK(bp->b_bufobj->bo_object);
+ if (obj != NULL)
+ VM_OBJECT_WUNLOCK(obj);
if (bp->b_bufsize) {
bufspacewakeup();
More information about the svn-src-stable-10
mailing list