infinite loop in ffs_sync()
- Subject: infinite loop in ffs_sync()
- From: Nikita Danilov <email@hidden>
- Date: Tue, 27 Jul 2004 15:28:55 +0400
Hello,
xnu/bsd/ufs/ffs/ffs_vfsops.c:ffs_sync() contains
----------------------------------------------------------------------
    /*
     * Write back each (modified) inode.
     */
    simple_lock(&mntvnode_slock);
loop:
    for (vp = mp->mnt_vnodelist.lh_first;
         vp != NULL;
         vp = nvp) {
        int didhold = 0;
        /*
         * If the vnode that we are about to sync is no longer
         * associated with this mount point, start over.
         */
        if (vp->v_mount != mp)
            goto loop;
----------------------------------------------------------------------
As mp->mnt_vnodelist is protected by the mntvnode_slock lock, which is not
released here, the offending vnode cannot be removed from the list, and the
goto loop is infinite.
Exactly the same bug was present in the ffs_vfsops.c:1.232 (Fri Apr 30
23:14:30 2004) version of this file in FreeBSD, but it is fixed in FreeBSD
HEAD.
Nikita.
darwin-kernel mailing list | email@hidden
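Added example, not code from the post, from xnu, or from FreeBSD: a small user-space C model of the retry pattern the message describes, a list scan that restarts from the head on a stale entry without first releasing the lock that protects the list. The lock is modelled as a single held flag (the model is single-threaded, which is exactly the point: while the flag is set, nothing else can change the list), the vnode and mount structs are cut down to the fields the loop touches, and the restart budget in `sync_restart_under_lock` is a model-only device so the function terminates and reports the livelock rather than hanging. `sync_skip_stale` is a hypothetical contrast that skips the foreign vnode instead of restarting; it is not the change FreeBSD made.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Single-threaded stand-in for mntvnode_slock: records whether it is held.
 * Acquiring it twice would be a bug in the model, hence the asserts. */
struct lock { int held; };
static void lock_acquire(struct lock *l) { assert(!l->held); l->held = 1; }
static void lock_release(struct lock *l) { assert(l->held);  l->held = 0; }

struct mount;
struct vnode {
    struct vnode *next;   /* mnt_vnodelist link (le_next in xnu) */
    struct mount *v_mount;
    int dirty;            /* has unwritten inode state */
    int synced;           /* set once this model "writes it back" */
};
struct mount {
    struct vnode *head;   /* mnt_vnodelist.lh_first */
    struct lock vnodelist_lock;
};

enum { SYNC_OK = 0, SYNC_LIVELOCK = -1 };

/* The pattern from the post: on a stale vnode, restart the scan from the head
 * while still holding the list lock. A restart budget replaces the unbounded
 * goto so the model terminates and reports the livelock instead of hanging. */
int sync_restart_under_lock(struct mount *mp, int max_restarts)
{
    int restarts = 0;
    struct vnode *vp, *nvp = NULL;

    lock_acquire(&mp->vnodelist_lock);
loop:
    for (vp = mp->head; vp != NULL; vp = nvp) {
        if (vp->v_mount != mp) {
            /* The lock is still held, so no other path can unlink this vnode
             * or restore v_mount == mp: every restart sees the identical state. */
            if (++restarts > max_restarts) {
                lock_release(&mp->vnodelist_lock);
                return SYNC_LIVELOCK;
            }
            goto loop;
        }
        nvp = vp->next;
        if (vp->dirty) { vp->dirty = 0; vp->synced = 1; }
    }
    lock_release(&mp->vnodelist_lock);
    return SYNC_OK;
}

/* Hypothetical alternative for contrast (not FreeBSD's or Apple's change):
 * a vnode that no longer belongs to this mount is not ours to sync, so skip
 * it and keep walking instead of spinning under the lock. */
int sync_skip_stale(struct mount *mp)
{
    struct vnode *vp, *nvp;

    lock_acquire(&mp->vnodelist_lock);
    for (vp = mp->head; vp != NULL; vp = nvp) {
        nvp = vp->next;
        if (vp->v_mount != mp)
            continue;
        if (vp->dirty) { vp->dirty = 0; vp->synced = 1; }
    }
    lock_release(&mp->vnodelist_lock);
    return SYNC_OK;
}

/* Constructed scenario: three dirty vnodes on mp's list; the middle one has
 * already been re-pointed at another mount but still sits on the list, which
 * is the state the post says cannot be resolved while the lock is held. */
static struct vnode g_vn[3];
static struct mount g_mp, g_other_mp;

struct mount *build_scenario(void)
{
    for (int i = 0; i < 3; i++) {
        g_vn[i].next = (i < 2) ? &g_vn[i + 1] : NULL;
        g_vn[i].v_mount = &g_mp;
        g_vn[i].dirty = 1;
        g_vn[i].synced = 0;
    }
    g_vn[1].v_mount = &g_other_mp;   /* the stale vnode */
    g_mp.head = &g_vn[0];
    g_mp.vnodelist_lock.held = 0;
    return &g_mp;
}

int vnode_synced(int i) { return g_vn[i].synced; }

int main(void)
{
    struct mount *mp = build_scenario();
    printf("restart under lock: %s\n",
           sync_restart_under_lock(mp, 100) == SYNC_LIVELOCK ? "livelock" : "ok");
    mp = build_scenario();
    printf("skip stale: %s, vnode 2 synced=%d\n",
           sync_skip_stale(mp) == SYNC_OK ? "ok" : "error", vnode_synced(2));
    return 0;
}
```

With the stale vnode second on the list, the restarting scan writes back vnode 0 once and then cycles between vnode 0 and the stale vnode until the budget runs out, never reaching vnode 2; the skipping variant reaches every vnode that still belongs to the mount. The general lesson for reviewing retry loops is that a restart is only progress if the lock held across it is dropped long enough for the condition being retried to change.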