Revision 68e23840d424b9ee403f09dcbdc106327d385ece authored by Konstantin Belousov on 23 January 2010, 19:01:25 UTC, committed by Konstantin Belousov on 23 January 2010, 19:01:25 UTC
The quotactl, statfs and fstatfs syscall implementations may dereference
NULL pointer to struct mount if the looked up vnode is reclaimed. Also,
these syscalls only mnt_ref() the mp, still allowing it to be unmounted;
only struct mount memory is kept from being reused.

Lock the vnode when doing name lookup, then reference its mount point,
unlock the vnode and vfs_busy the mountpoint. This sequence shall take
care of both races.

MFC r188141 (by trasz):
In some situations, mnt_lockref could go negative due to vfs_unbusy() being
called without calling vfs_busy() first.  This made umount(8) hang waiting
for mnt_lockref to become zero, which would never happen.

MFC r196887:
In fhopen, vfs_ref() the mount point while vnode is unlocked, to prevent
vn_start_write(NULL, &mp) from operating on potentially freed or reused
struct mount *.

Remove unmatched vfs_rel() in cleanup.

Approved by:	re (bz)
1 parent d902a89
File Mode Size
IPXrouted
ac
accton
acpi
adduser
amd
ancontrol
apm
apmd
arlcontrol
arp
asf
audit
auditd
auditreduce
authpf
bluetooth
boot0cfg
boot98cfg
bootparamd
bsnmpd
btxld
burncd
cdcontrol
chkgrp
chown
chroot
ckdist
clear_locks
config
cpucontrol
crashinfo
cron
crunch
ctm
cxgbtool
daemon
dconschat
devinfo
digictl
diskinfo
dnssec-keygen
dnssec-signzone
editmap
edquota
eeprom
extattr
extattrctl
faithd
fdcontrol
fdformat
fdread
fdwrite
fifolog
flowctl
freebsd-update
ftp-proxy
fwcontrol
getfmac
getpmac
gstat
i4b
ifmcstat
inetd
iostat
ip6addrctl
ipfwpcap
jail
jexec
jls
kbdcontrol
kbdmap
kernbb
keyserv
kgmon
kgzip
kldxref
lastlogin
lmcconfig
lpr
lptcontrol
mailstats
mailwrapper
makefs
makemap
manctl
memcontrol
mergemaster
mfiutil
mixer
mld6query
mlxcontrol
mount_nwfs
mount_portalfs
mount_smbfs
mountd
moused
mptable
mptutil
mtest
mtree
named
named-checkconf
named-checkzone
named.reload
ndiscvt
ndp
newsyslog
nfsd
ngctl
nghook
nologin
nscd
ntp
nvram
ofwdump
pccard
pciconf
periodic
pkg_install
pmcannotate
pmccontrol
pmcstat
pnpinfo
portsnap
powerd
ppp
pppctl
pppd
pppstats
praliases
praudit
procctl
pstat
pw
pwd_mkdb
quot
quotaon
rarpd
raycontrol
repquota
rip6query
rmt
rndc
rndc-confgen
route6d
rpc.lockd
rpc.statd
rpc.umntall
rpc.yppasswdd
rpc.ypupdated
rpc.ypxfrd
rpcbind
rrenumd
rtadvd
rtprio
rtsold
rwhod
sa
sade
sendmail
service
setfib
setfmac
setpmac
sicontrol
sliplogin
slstat
smbmsg
snapinfo
spkrtest
spray
sysinstall
syslogd
tcpdchk
tcpdmatch
tcpdrop
tcpdump
timed
traceroute
traceroute6
trpt
tzsetup
ugidfw
usbdevs
vidcontrol
vipw
watch
watchdogd
wlandebug
wlconfig
wpa
yp_mkdb
ypbind
yppoll
yppush
ypserv
ypset
zic
zzz
Makefile -rw-r--r-- 7.5 KB
Makefile.inc -rw-r--r-- 73 bytes
