Revision 68e23840d424b9ee403f09dcbdc106327d385ece authored by Konstantin Belousov on 23 January 2010, 19:01:25 UTC, committed by Konstantin Belousov on 23 January 2010, 19:01:25 UTC
The quotactl, statfs and fstatfs syscall implementations may dereference NULL pointer to struct mount if the looked up vnode is reclaimed. Also, these syscalls only mnt_ref() the mp, still allowing it to be unmounted; only struct mount memory is kept from being reused. Lock the vnode when doing name lookup, then reference its mount point, unlock the vnode and vfs_busy the mountpoint. This sequence shall take care of both races. MFC r188141 (by trasz): In some situations, mnt_lockref could go negative due to vfs_unbusy() being called without calling vfs_busy() first. This made umount(8) hang waiting for mnt_lockref to become zero, which would never happen. MFC r196887: In fhopen, vfs_ref() the mount point while vnode is unlocked, to prevent vn_start_write(NULL, &mp) from operating on potentially freed or reused struct mount *. Remove unmatched vfs_rel() in cleanup. Approved by: re (bz)
1 parent d902a89
| File | Mode | Size |
|---|---|---|
| bluetooth | ||
| defaults | ||
| etc.amd64 | ||
| etc.arm | ||
| etc.i386 | ||
| etc.ia64 | ||
| etc.powerpc | ||
| etc.sparc64 | ||
| gss | ||
| isdn | ||
| mtree | ||
| namedb | ||
| pam.d | ||
| periodic | ||
| ppp | ||
| rc.d | ||
| root | ||
| sendmail | ||
| Makefile | -rw-r--r-- | 8.6 KB |
| amd.map | -rw-r--r-- | 154 bytes |
| apmd.conf | -rw-r--r-- | 1.2 KB |
| auth.conf | -rw-r--r-- | 173 bytes |
| crontab | -rw-r--r-- | 670 bytes |
| csh.cshrc | -rw-r--r-- | 52 bytes |
| csh.login | -rw-r--r-- | 421 bytes |
| csh.logout | -rw-r--r-- | 53 bytes |
| ddb.conf | -rw-r--r-- | 505 bytes |
| devd.conf | -rw-r--r-- | 9.5 KB |
| devfs.conf | -rw-r--r-- | 2.0 KB |
| dhclient.conf | -rw-r--r-- | 205 bytes |
| disktab | -rw-r--r-- | 5.5 KB |
| fbtab | -rw-r--r-- | 90 bytes |
| freebsd-update.conf | -rw-r--r-- | 2.4 KB |
| ftpusers | -rw-r--r-- | 195 bytes |
| gettytab | -rw-r--r-- | 5.9 KB |
| group | -rw-r--r-- | 364 bytes |
| hosts | -rw-r--r-- | 1.0 KB |
| hosts.allow | -rw-r--r-- | 3.2 KB |
| hosts.equiv | -rw-r--r-- | 53 bytes |
| hosts.lpd | -rw-r--r-- | 43 bytes |
| inetd.conf | -rw-r--r-- | 5.0 KB |
| libalias.conf | -rw-r--r-- | 170 bytes |
| login.access | -rw-r--r-- | 1.7 KB |
| login.conf | -rw-r--r-- | 6.6 KB |
| mac.conf | -rw-r--r-- | 507 bytes |
| man.alias | -rw-r--r-- | 43 bytes |
| master.passwd | -rw-r--r-- | 1.3 KB |
| minfree | -rw-r--r-- | 5 bytes |
| motd | -rw-r--r-- | 1.1 KB |
| netconfig | -rw-r--r-- | 729 bytes |
| netstart | -rwxr-xr-x | 2.2 KB |
| network.subr | -rw-r--r-- | 21.6 KB |
| networks | -rw-r--r-- | 310 bytes |
| newsyslog.conf | -rw-r--r-- | 1.8 KB |
| nls.alias | -rw-r--r-- | 65 bytes |
| nscd.conf | -rw-r--r-- | 231 bytes |
| nsmb.conf | -rw-r--r-- | 1.6 KB |
| nsswitch.conf | -rw-r--r-- | 255 bytes |
| opieaccess | -rw-r--r-- | 377 bytes |
| pccard_ether | -rwxr-xr-x | 2.2 KB |
| pf.os | -rw-r--r-- | 27.7 KB |
| phones | -rw-r--r-- | 183 bytes |
| portsnap.conf | -rw-r--r-- | 1.4 KB |
| printcap | -rw-r--r-- | 2.0 KB |
| profile | -rw-r--r-- | 561 bytes |
| protocols | -rw-r--r-- | 5.9 KB |
| rc | -rw-r--r-- | 3.6 KB |
| rc.bsdextended | -rw-r--r-- | 4.4 KB |
| rc.firewall | -rw-r--r-- | 13.3 KB |
| rc.firewall6 | -rw-r--r-- | 9.2 KB |
| rc.initdiskless | -rw-r--r-- | 12.5 KB |
| rc.resume | -rwxr-xr-x | 2.2 KB |
| rc.sendmail | -rw-r--r-- | 5.6 KB |
| rc.shutdown | -rw-r--r-- | 3.2 KB |
| rc.subr | -rw-r--r-- | 35.1 KB |
| rc.suspend | -rwxr-xr-x | 2.2 KB |
| remote | -rw-r--r-- | 2.3 KB |
| rpc | -rw-r--r-- | 1.6 KB |
| services | -rw-r--r-- | 81.0 KB |
| shells | -rw-r--r-- | 165 bytes |
| snmpd.config | -rw-r--r-- | 2.3 KB |
| sysctl.conf | -rw-r--r-- | 311 bytes |
| syslog.conf | -rw-r--r-- | 1.2 KB |
| termcap.small | -rw-r--r-- | 10.4 KB |
Computing file changes ...
