From: Venkatesh Srinivas Date: Fri, 30 Mar 2012 06:33:08 +0000 (-0700) Subject: kernel -- ffs: Do not dereference NULL inodes in ffs_sync_scan1. X-Git-Tag: v3.4.0rc~1149^2~6 X-Git-Url: https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff_plain/609f61878d1378c3d04602cf1e581a6f57dfae47 kernel -- ffs: Do not dereference NULL inodes in ffs_sync_scan1. ffs_sync_scan1 is a fast callback from vmntvnodescan; it is not called with vnodes locked. It is possible for an ffs_reclaim to have reclaimed the vnode in question, NULL-ing out ip, without having removed the vnode from the per-mount list. If we see a NULL inode, return failure from the fast callback. --- diff --git a/sys/vfs/ufs/ffs_vfsops.c b/sys/vfs/ufs/ffs_vfsops.c index ecd49b5936..b004177cfe 100644 --- a/sys/vfs/ufs/ffs_vfsops.c +++ b/sys/vfs/ufs/ffs_vfsops.c @@ -1031,7 +1031,7 @@ ffs_sync_scan1(struct mount *mp, struct vnode *vp, void *data) /* Restart out whole search if this guy is locked * or is being reclaimed. */ - if (vp->v_type == VNON || ((ip->i_flag & + if (vp->v_type == VNON || (ip == NULL) || ((ip->i_flag & (IN_ACCESS | IN_CHANGE | IN_MODIFIED | IN_UPDATE)) == 0 && RB_EMPTY(&vp->v_rbdirty_tree))) { return(-1);
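Review bot: the new `(ip == NULL)` test is correctly placed before the first `ip->i_flag` dereference, but the surrounding comment, "Restart out whole search if this guy is locked or is being reclaimed", should be updated in the same hunk to say that a reclaimed vnode may already have a NULL inode (and "out" reads as a typo for "our"). Since the commit message states this fast callback runs without the vnode locked, the NULL read is a racy snapshot: it closes the crash but does not stop `ip` from going NULL right after the check, so it is worth stating in the comment that the locked slow path is expected to re-validate the inode. Also, because `return(-1)` is documented here as restarting the whole search, please confirm that a reclaimed vnode lingering on the per-mount list with a NULL inode cannot keep the scan restarting until `ffs_reclaim` finishes removing it.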