diff options
| author | Matthew Dillon <dillon@FreeBSD.org> | 2001-11-09 21:34:45 +0000 |
|---|---|---|
| committer | Matthew Dillon <dillon@FreeBSD.org> | 2001-11-09 21:34:45 +0000 |
| commit | fe8e0238cc80ab889b51b5c95244299b59a78be0 (patch) | |
| tree | e10a0653bc0339aef9d58536278b973f140021cf /sys/vm/vm_fault.c | |
| parent | 79327ed19cb15b2fb0b429c1e88466941307cb1c (diff) | |
| download | src-fe8e0238cc80ab889b51b5c95244299b59a78be0.tar.gz src-fe8e0238cc80ab889b51b5c95244299b59a78be0.zip | |
Fix deadlock introduced in 1.73 (Jan 1998). The paging-in-progress count
on a vnode-backed object must be incremented *after* obtaining the vnode
lock. If it is bumped before obtaining the vnode lock we can deadlock
against vtruncbuf().
Submitted by: peter, ps
MFC after: 3 days
Notes
Notes:
svn path=/head/; revision=86236
Diffstat (limited to 'sys/vm/vm_fault.c')
| -rw-r--r-- | sys/vm/vm_fault.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/vm/vm_fault.c b/sys/vm/vm_fault.c index 8814ae5ae2a9..79e122420adf 100644 --- a/sys/vm/vm_fault.c +++ b/sys/vm/vm_fault.c @@ -269,11 +269,15 @@ RetryFault:; * are messing with it. Once we have the reference, the map is free * to be diddled. Since objects reference their shadows (and copies), * they will stay around as well. + * + * Bump the paging-in-progress count to prevent size changes (e.g. + * truncation operations) during I/O. This must be done after + * obtaining the vnode lock in order to avoid possible deadlocks. */ vm_object_reference(fs.first_object); + fs.vp = vnode_pager_lock(fs.first_object); vm_object_pip_add(fs.first_object, 1); - fs.vp = vnode_pager_lock(fs.first_object); if ((fault_type & VM_PROT_WRITE) && (fs.first_object->type == OBJT_VNODE)) { vm_freeze_copyopts(fs.first_object, |