1
0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-14 14:55:41 +00:00

Fix accounting for the negative cache entries when reusing v_cache_dd.

Having ncneg diverge with the actual length of the ncneg tailq causes
NULL dereference.

Add assertion that an entry taken from ncneg queue is indeed negative.

Reported by and discussed with:	avg
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
This commit is contained in:
Konstantin Belousov 2013-12-27 17:09:59 +00:00
parent e136eac224
commit fe20047039
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=259953

View File

@ -748,16 +748,20 @@ cache_enter_time(dvp, vp, cnp, tsp, dtsp)
ncp->nc_flag & NCF_ISDOTDOT) {
KASSERT(ncp->nc_dvp == dvp,
("wrong isdotdot parent"));
if (ncp->nc_vp != NULL)
if (ncp->nc_vp != NULL) {
TAILQ_REMOVE(&ncp->nc_vp->v_cache_dst,
ncp, nc_dst);
else
} else {
TAILQ_REMOVE(&ncneg, ncp, nc_dst);
if (vp != NULL)
numneg--;
}
if (vp != NULL) {
TAILQ_INSERT_HEAD(&vp->v_cache_dst,
ncp, nc_dst);
else
} else {
TAILQ_INSERT_TAIL(&ncneg, ncp, nc_dst);
numneg++;
}
ncp->nc_vp = vp;
CACHE_WUNLOCK();
return;
@ -893,6 +897,8 @@ cache_enter_time(dvp, vp, cnp, tsp, dtsp)
}
if (numneg * ncnegfactor > numcache) {
ncp = TAILQ_FIRST(&ncneg);
KASSERT(ncp->nc_vp == NULL, ("ncp %p vp %p on ncneg",
ncp, ncp->nc_vp));
zap = 1;
}
if (hold)