diff -Nurp xfsprogs/repair/dir2.c xfsprogs-dirty/repair/dir2.c
--- xfsprogs/repair/dir2.c 2010-07-16 13:07:09.000000000 +0900
+++ xfsprogs-dirty/repair/dir2.c 2011-01-28 18:49:21.000000000 +0900
@@ -110,9 +110,10 @@ da_read_buf(
bplist[i] = libxfs_readbuf(mp->m_dev,
XFS_FSB_TO_DADDR(mp, bmp[i].startblock),
XFS_FSB_TO_BB(mp, bmp[i].blockcount), 0);
- if (!bplist[i])
+ if (!bplist[i]){
+ nex = i;
goto failed;
-
+ }
pftrace("readbuf %p (%llu, %d)", bplist[i],
(long long)XFS_BUF_ADDR(bplist[i]),
XFS_BUF_COUNT(bplist[i]));
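Review bot: Reusing `nex` as the count of buffers read so far (`nex = i;`) makes the `failed:` cleanup safe only if every jump to it shrinks `nex` first, and it discards the original extent count for anything that runs afterwards. The mail shows `bplist` coming from `calloc()`, so unread slots are already NULL and the release loop can guard itself instead: `if (bplist[i]) libxfs_putbuf(bplist[i]);`. If `nex = i;` is kept, a comment such as `/* only bplist[0..i-1] hold buffers; limit cleanup to those */` would explain the reassignment, and the brace wants a space: `if (!bplist[i]) {`. da_read_buf() starts and ends outside this hunk, so other `goto failed` sites and later uses of `nex` could not be checked from here.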
libxfs_putbuf() is called with bp = NULL, resulting in a page fault in libpthread.

Function da_read_buf() allocates an array of xfs_buf_t *:
xfs_buf_t **bplist;
bplist = calloc(nex, sizeof(*bplist));
It then reads and fills the array using
for (i = 0; i < nex; i++) {
bplist[i] = libxfs_readbuf()
if (!bplist[i]){
goto failed;
}}
failed:
for (i = 0; i < nex; i++)
libxfs_putbuf(bplist[i]);

Now assume nex = 10,
1. Will create bplist for 10 array elements.
3. Reading from disk 0,1, 2, 3
4. When reading from disk 4, USB is removed
5. libxfs_readbuf() will fail, bplist[4] = NULL, goto failed.
6. Since only 4 buffers were read successfully, only 4 are in the locked state.
7. Error handling will unlock buffers from 1-10
8. Buffers 0-3 were read successfully, hence will have a valid bplist[i]
9. bplist[4] == NULL is then accessed, so the unlock calls libxfs_putbuf(bp) with bp == NULL
10. Page fault in libpthread

Solution: patch attached with mail