Revision 68e23840d424b9ee403f09dcbdc106327d385ece authored by Konstantin Belousov on 23 January 2010, 19:01:25 UTC, committed by Konstantin Belousov on 23 January 2010, 19:01:25 UTC
The quotactl, statfs and fstatfs syscall implementations may dereference a NULL pointer to struct mount if the looked-up vnode is reclaimed. Also, these syscalls only mnt_ref() the mp, still allowing it to be unmounted; only the struct mount memory is kept from being reused. Lock the vnode when doing the name lookup, then reference its mount point, unlock the vnode and vfs_busy the mountpoint. This sequence shall take care of both races.

MFC r188141 (by trasz): In some situations, mnt_lockref could go negative due to vfs_unbusy() being called without calling vfs_busy() first. This made umount(8) hang waiting for mnt_lockref to become zero, which would never happen.

MFC r196887: In fhopen, vfs_ref() the mount point while the vnode is unlocked, to prevent vn_start_write(NULL, &mp) from operating on a potentially freed or reused struct mount *. Remove the unmatched vfs_rel() in cleanup.

Approved by: re (bz)
1 parent d902a89
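The lock/reference/busy ordering the commit message describes, modelled as an added userland C example. This is not FreeBSD kernel code: struct mount, struct vnode, vfs_ref/vfs_rel, vfs_busy/vfs_unbusy, vn_lock/vn_unlock and dounmount are constructed stand-ins reduced to the counters the message talks about, the vnode reclaim is injected deterministically at the first unlocked moment, and statfs_old, statfs_new and the scenario_* functions are hypothetical names chosen for the illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the structures named in the commit message. These are
 * not the FreeBSD kernel's definitions: each is reduced to the counters the
 * commit message talks about. */
struct mount {
    int mnt_ref;       /* vfs_ref()/vfs_rel(): keeps the struct mount memory from reuse */
    int mnt_lockref;   /* vfs_busy()/vfs_unbusy(): umount waits for this to reach zero */
    int unmounted;
};

struct vnode {
    struct mount *v_mount;  /* cleared when the vnode is reclaimed */
    int locked;
    int reclaim_pending;    /* injected race: reclaim fires at the first unlocked moment */
};

static void vfs_ref(struct mount *mp)    { mp->mnt_ref++; }
static void vfs_rel(struct mount *mp)    { mp->mnt_ref--; }
static int  vfs_busy(struct mount *mp)   { if (mp->unmounted) return -1; mp->mnt_lockref++; return 0; }
static void vfs_unbusy(struct mount *mp) { mp->mnt_lockref--; }

/* The umount(8) side: it cannot proceed until nobody holds the mount busy. */
static int dounmount(struct mount *mp) {
    if (mp->mnt_lockref != 0) return -1;   /* the kernel would sleep here */
    mp->unmounted = 1;
    return 0;
}

/* Reclaim needs the vnode lock, so it can only run while vp is unlocked. */
static void maybe_reclaim(struct vnode *vp) {
    if (vp->reclaim_pending && !vp->locked) {
        vp->v_mount = NULL;
        vp->reclaim_pending = 0;
    }
}
static void vn_lock(struct vnode *vp)   { vp->locked = 1; }
static void vn_unlock(struct vnode *vp) { vp->locked = 0; maybe_reclaim(vp); }

/* Pre-fix shape: the lookup returned vp unlocked and the mount was only
 * vfs_ref()ed. Returns -1 where the kernel would have dereferenced NULL. */
static int statfs_old(struct vnode *vp, struct mount **mpp) {
    maybe_reclaim(vp);                 /* the unlocked window after lookup */
    struct mount *mp = vp->v_mount;
    if (mp == NULL) return -1;         /* the NULL mount pointer */
    vfs_ref(mp);                       /* a bare reference does not stop an unmount */
    *mpp = mp;
    vfs_rel(mp);
    return 0;
}

/* Post-fix sequence from the commit message: keep the vnode locked from the
 * lookup, reference the mount point while locked, unlock, then vfs_busy().
 * On success the caller owns one busy count and must vfs_unbusy() later. */
static int statfs_new(struct vnode *vp, struct mount **mpp) {
    vn_lock(vp);                       /* the lookup handed us a locked vnode */
    struct mount *mp = vp->v_mount;    /* cannot be reclaimed while we hold the lock */
    vfs_ref(mp);                       /* struct mount memory now stays valid */
    vn_unlock(vp);                     /* a reclaim may fire now; mp is still ours */
    int err = vfs_busy(mp);            /* from here on an unmount is held off */
    vfs_rel(mp);                       /* the busy count replaces the bare reference */
    if (err != 0) return err;
    *mpp = mp;
    return 0;
}

/* Scenario 1: the old sequence with a reclaim between lookup and use. */
static int scenario_old_race(void) {
    struct mount m = { 0, 0, 0 };
    struct vnode v = { &m, 0, 1 };
    struct mount *mp = NULL;
    return statfs_old(&v, &mp) == -1 && mp == NULL;
}

/* Scenario 2: the new sequence under the same injected reclaim. The mount
 * pointer stays valid, umount is refused while busy and allowed afterwards. */
static int scenario_new_sequence(void) {
    struct mount m = { 0, 0, 0 };
    struct vnode v = { &m, 0, 1 };
    struct mount *mp = NULL;
    if (statfs_new(&v, &mp) != 0 || mp != &m) return 0;
    if (v.v_mount != NULL) return 0;        /* the reclaim did happen, after unlock */
    if (m.mnt_ref != 0 || m.mnt_lockref != 1) return 0;
    if (dounmount(&m) != -1) return 0;      /* unmount held off while busy */
    vfs_unbusy(&m);
    if (dounmount(&m) != 0) return 0;       /* and permitted once unbusied */
    return vfs_busy(&m) == -1;              /* later callers see the unmount */
}

/* Scenario 3 (the r188141 note): an unmatched vfs_unbusy() drives mnt_lockref
 * negative, so umount waits for zero forever. */
static int scenario_unbalanced_unbusy(void) {
    struct mount m = { 0, 0, 0 };
    vfs_unbusy(&m);                         /* no vfs_busy() preceded this */
    return m.mnt_lockref == -1 && dounmount(&m) == -1;
}

int main(void) {
    printf("old sequence hits a NULL mount: %d\n", scenario_old_race());
    printf("new sequence keeps mp valid and blocks umount while busy: %d\n", scenario_new_sequence());
    printf("unbalanced vfs_unbusy wedges umount: %d\n", scenario_unbalanced_unbusy());
    return 0;
}
```

The model separates the two counters on purpose: mnt_ref only protects the memory of struct mount, which is why the old sequence could still see the filesystem unmounted underneath it, while mnt_lockref is what dounmount actually waits on, which is also why a vfs_unbusy() without a matching vfs_busy() leaves umount waiting on a count that never returns to zero.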
File | Mode | Size |
---|---|---|
amd64 | ||
arm | ||
boot | ||
bsm | ||
cam | ||
cddl | ||
compat | ||
conf | ||
contrib | ||
crypto | ||
ddb | ||
dev | ||
fs | ||
gdb | ||
geom | ||
gnu | ||
i386 | ||
i4b | ||
ia64 | ||
isa | ||
kern | ||
libkern | ||
modules | ||
net | ||
net80211 | ||
netatalk | ||
netgraph | ||
netinet | ||
netinet6 | ||
netipsec | ||
netipx | ||
netnatm | ||
netncp | ||
netsmb | ||
nfs | ||
nfs4client | ||
nfsclient | ||
nfsserver | ||
nlm | ||
opencrypto | ||
pc98 | ||
pccard | ||
pci | ||
powerpc | ||
rpc | ||
security | ||
sparc64 | ||
sun4v | ||
sys | ||
tools | ||
ufs | ||
vm | ||
xdr | ||
Makefile | -rw-r--r-- | 1.4 KB |