Module Name: src
Committed By: sborrill
Date: Wed Jan 27 21:27:20 UTC 2010
Modified Files:
src/doc [netbsd-5]: CHANGES-5.1
Log Message:
Ticket 1252
To generate a diff of this commit:
cvs rdiff -u -r1.1.2.183 -r1.1.2.184 src/doc/CHANGES-5.1
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/CHANGES-5.1
diff -u src/doc/CHANGES-5.1:1.1.2.183 src/doc/CHANGES-5.1:1.1.2.184
--- src/doc/CHANGES-5.1:1.1.2.183 Wed Jan 27 21:18:36 2010
+++ src/doc/CHANGES-5.1 Wed Jan 27 21:27:19 2010
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-5.1,v 1.1.2.183 2010/01/27 21:18:36 sborrill Exp $
+# $NetBSD: CHANGES-5.1,v 1.1.2.184 2010/01/27 21:27:19 sborrill Exp $
A complete list of changes from the NetBSD 5.0 release to the NetBSD 5.1
release:
@@ -16354,3 +16354,18 @@
Tested on qemu.
[bouyer, ticket #1248]
+sys/ufs/ufs/ufs_quota.c 1.65
+
+ vclean() actually sets v_tag to VT_NON but doesn't touch v_type.
+ getcleanvnode() sets v_type to VNON after releasing v_interlock.
+ So the thread doing quotaon(), quotaoff() or qsync() could vget()
+ a vnode which is being recycled in getcleanvnode(), after it has
+ been cleaned and v_interlock released, but before v_type has been
+ reset, leading to KASSERT(vp->v_usecount == 1) firing in
+ getnewvnode(), or qsync() dereferencing a NULL pointer as in
+ PR kern/42205.
+ Fix by using the same tests as other ffs functions traversing the
+ mount list: also check for VTOI(vp) == NULL, and VI_XLOCK in
+ addition to VI_CLEAN.
+ [bouyer, ticket #1252]
+
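Review bot: the new ufs_quota.c entry at the end of this hunk names the added tests (VTOI(vp) == NULL, VI_XLOCK, VI_CLEAN) but not the lock they are evaluated under, although the race it describes turns on v_type being reset only after v_interlock is released. Suggest adding a clause saying whether the tests are made with v_interlock held, so a reader of CHANGES-5.1 can tell the window is closed without opening revision 1.65. The pairing of "v_tag to VT_NON" with "v_type to VNON" in the first two sentences is also easy to misread as a typo; a word such as "only" before "sets v_tag" would make the contrast explicit.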