Author: kib
Date: Fri Dec 27 17:09:59 2013
New Revision: 259953
URL: http://svnweb.freebsd.org/changeset/base/259953

Log:
  Fix accounting for the negative cache entries when reusing v_cache_dd.
  Having ncneg diverge with the actual length of the ncneg tailq causes
  NULL dereference.
  
  Add assertion that an entry taken from ncneg queue is indeed negative.
  
  Reported by and discussed with:       avg
  Sponsored by: The FreeBSD Foundation
  MFC after:    1 week

Modified:
  head/sys/kern/vfs_cache.c

Modified: head/sys/kern/vfs_cache.c
==============================================================================
--- head/sys/kern/vfs_cache.c   Fri Dec 27 17:04:51 2013        (r259952)
+++ head/sys/kern/vfs_cache.c   Fri Dec 27 17:09:59 2013        (r259953)
@@ -748,16 +748,20 @@ cache_enter_time(dvp, vp, cnp, tsp, dtsp
                            ncp->nc_flag & NCF_ISDOTDOT) {
                                KASSERT(ncp->nc_dvp == dvp,
                                    ("wrong isdotdot parent"));
-                               if (ncp->nc_vp != NULL)
+                               if (ncp->nc_vp != NULL) {
                                        TAILQ_REMOVE(&ncp->nc_vp->v_cache_dst,
                                            ncp, nc_dst);
-                               else
+                               } else {
                                        TAILQ_REMOVE(&ncneg, ncp, nc_dst);
-                               if (vp != NULL)
+                                       numneg--;
+                               }
+                               if (vp != NULL) {
                                        TAILQ_INSERT_HEAD(&vp->v_cache_dst,
                                            ncp, nc_dst);
-                               else
+                               } else {
                                        TAILQ_INSERT_TAIL(&ncneg, ncp, nc_dst);
+                                       numneg++;
+                               }
                                ncp->nc_vp = vp;
                                CACHE_WUNLOCK();
                                return;
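Review bot: The `numneg--` added in the `else` branch after `TAILQ_REMOVE(&ncneg, ncp, nc_dst);` is not guarded by any check that the counter is non-zero, and nothing in the hunk states the invariant this fix restores (numneg equals the number of entries linked on ncneg). An assertion just before the decrement, e.g. `KASSERT(numneg > 0, ("numneg underflow removing ncp %p", ncp));`, would catch a future accounting slip where it happens rather than at a later eviction. If numneg is an unsigned type (its declaration is not visible here), an underflow would wrap to a large value and keep the `numneg * ncnegfactor > numcache` test true even when the queue is empty. A one-line comment such as `/* numneg must track the length of ncneg; adjust both together */` above the remove/insert pair would also help. The body of cache_enter_time starts and ends outside this hunk.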
@@ -893,6 +897,8 @@ cache_enter_time(dvp, vp, cnp, tsp, dtsp
        }
        if (numneg * ncnegfactor > numcache) {
                ncp = TAILQ_FIRST(&ncneg);
+               KASSERT(ncp->nc_vp == NULL, ("ncp %p vp %p on ncneg",
+                   ncp, ncp->nc_vp));
                zap = 1;
        }
        if (hold)
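Review bot: The new KASSERT reads `ncp->nc_vp` without first checking that `TAILQ_FIRST(&ncneg)` returned an entry, so if numneg ever overstates the queue length again, the assertion itself dereferences NULL instead of reporting the divergence. A preceding `KASSERT(ncp != NULL, ("numneg non-zero but ncneg is empty"));` would turn the failure described in the log into a readable panic. Because KASSERT is compiled out of kernels built without INVARIANTS, production builds have no guard at all on this path. Whether setting `zap` only when `ncp != NULL` is appropriate depends on how `zap` is consumed after the hunk ends, which is not visible here.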