Commit fabbc3d8 authored by Konstantin Belousov

softdep_flush(): do not access ump after we acked FLUSH_EXIT and unlocked SU lock

otherwise we might follow a pointer in the freed memory.

Reviewed by:	mckusick
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D29178
parent 7c7a6681
......@@ -1569,6 +1569,7 @@ softdep_flush(addr)
struct mount *mp;
struct thread *td;
struct ufsmount *ump;
int cleanups;
td = curthread;
td->td_pflags |= TDP_NORUNNINGBUF;
......@@ -1603,10 +1604,14 @@ softdep_flush(addr)
continue;
}
ump->softdep_flags &= ~FLUSH_EXIT;
cleanups = ump->um_softdep->sd_cleanups;
FREE_LOCK(ump);
wakeup(&ump->softdep_flags);
if (print_threads)
printf("Stop thread %s: searchfailed %d, did cleanups %d\n", td->td_name, searchfailed, ump->um_softdep->sd_cleanups);
if (print_threads) {
printf("Stop thread %s: searchfailed %d, "
"did cleanups %d\n",
td->td_name, searchfailed, cleanups);
}
atomic_subtract_int(&stat_flush_threads, 1);
kthread_exit();
panic("kthread_exit failed\n");
......
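Review bot: the rule that ump must not be dereferenced once FREE_LOCK(ump) has run is not documented in the code, and wakeup(&ump->softdep_flags) right after the unlock still names ump. That call only forms the address of the field to use as the wakeup channel and does not read through the pointer, but a reader seeing it next to the new cleanups snapshot could take it as licence to add another ump-> access there. Suggest a short comment above "cleanups = ump->um_softdep->sd_cleanups;" stating that anything needed from ump has to be copied out before FREE_LOCK(ump), and that the wakeup() argument is used as an address only.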