Close a race in biodone(), whereby the bio_done field of the passed

bio may have been freed and reassigned by the wakeup before being tested after releasing the bdonelock. There's a non-zero chance this is the cause of a few of the crashes knocking around with biodone() sitting in the stack backtrace. Reviewed By: phk@
svn path=/head/; revision=150705
2024-12-18 10:35:55 +00:00 · 2005-09-29 10:37:20 +00:00 · 2005-09-29 10:37:20 +00:00 · d41c4674c2 · 2020-12-20 02:59:44 +00:00
commit d41c4674c2
parent 0896d83c56
1 changed files with 5 additions and 3 deletions
--- a/sys/kern/vfs_bio.c
+++ b/sys/kern/vfs_bio.c
@ -2882,14 +2882,16 @@ allocbuf(struct buf *bp, int size)
 void
 biodone(struct bio *bp)
 {
+	void (*done)(struct bio *);

 	mtx_lock(&bdonelock);
 	bp->bio_flags |= BIO_DONE;
-	if (bp->bio_done == NULL)
+	done = bp->bio_done;
+	if (done == NULL)
 		wakeup(bp);
 	mtx_unlock(&bdonelock);
-	if (bp->bio_done != NULL)
-		bp->bio_done(bp);
+	if (done != NULL)
+		done(bp);
 }

 /*