From d41c4674c28b19538f519ff6676e1e757c890d99 Mon Sep 17 00:00:00 2001 From: Peter Edwards Date: Thu, 29 Sep 2005 10:37:20 +0000 Subject: [PATCH] Close a race in biodone(), whereby the bio_done field of the passed bio may have been freed and reassigned by the wakeup before being tested after releasing the bdonelock. There's a non-zero chance this is the cause of a few of the crashes knocking around with biodone() sitting in the stack backtrace. Reviewed By: phk@ --- sys/kern/vfs_bio.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/sys/kern/vfs_bio.c b/sys/kern/vfs_bio.c index 66cfa1e85ade..80e4d1077266 100644 --- a/sys/kern/vfs_bio.c +++ b/sys/kern/vfs_bio.c @@ -2882,14 +2882,16 @@ allocbuf(struct buf *bp, int size) void biodone(struct bio *bp) { + void (*done)(struct bio *); mtx_lock(&bdonelock); bp->bio_flags |= BIO_DONE; - if (bp->bio_done == NULL) + done = bp->bio_done; + if (done == NULL) wakeup(bp); mtx_unlock(&bdonelock); - if (bp->bio_done != NULL) - bp->bio_done(bp); + if (done != NULL) + done(bp); } /*
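Review bot: The snapshot of bp->bio_done into the local `done` while bdonelock is still held is the right fix, but the reason for it deserves a comment in the code, otherwise a later cleanup can fold `done = bp->bio_done; if (done == NULL)` back into `if (bp->bio_done == NULL)` and silently reintroduce the race. The invariant the hunk now relies on is that once `wakeup(bp)` has run and `mtx_unlock(&bdonelock)` has been called, the woken waiter owns the bio and may free or reuse it, so nothing after the unlock may dereference bp unless `done != NULL` (in which case the callback, not a waiter, takes ownership). Suggest something like `/* Read bio_done under bdonelock: after wakeup() the waiter may free bp. */` above `done = bp->bio_done;`. Calling `done(bp)` outside the lock is unchanged and still correct, since completion callbacks may sleep.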