kernel - Fix swapcache related crash
authorMatthew Dillon <dillon@apollo.backplane.com>
Sat, 19 Nov 2011 10:32:31 +0000 (02:32 -0800)
committerMatthew Dillon <dillon@apollo.backplane.com>
Sat, 19 Nov 2011 10:32:31 +0000 (02:32 -0800)
* VM object must be held while vmobj_token serializes list, before
  the lwkt_yield() not after.

* Fixes crash when swapcache fills up and starts to remove entries.

sys/vm/vm_swapcache.c

index 94dcb3f..4cb7dbc 100644 (file)
@@ -636,10 +636,13 @@ vm_swapcache_cleaning(vm_object_t marker)
        lwkt_gettoken(&vmobj_token);
 
        while ((object = TAILQ_NEXT(object, object_list)) != NULL) {
+               vm_object_hold(object);
+
                lwkt_yield();
-               if (--count <= 0)
+               if (--count <= 0) {
+                       vm_object_drop(object);
                        break;
-               vm_object_hold(object);
+               }
 
                /* 
                 * Only operate on live VNODE objects with regular/chardev types
@@ -678,7 +681,7 @@ vm_swapcache_cleaning(vm_object_t marker)
                 * requested number of blocks, it will return n >= count
                 * and we break and pick it back up on a future attempt.
                 */
-               vm_object_lock_swap();
+               lwkt_token_swap();
                lwkt_reltoken(&vmobj_token);
 
                n = swap_pager_condfree(object, &marker->size, count);