Revision 68e23840d424b9ee403f09dcbdc106327d385ece authored by Konstantin Belousov on 23 January 2010, 19:01:25 UTC, committed by Konstantin Belousov on 23 January 2010, 19:01:25 UTC
The quotactl, statfs and fstatfs syscall implementations may dereference NULL pointer to struct mount if the looked up vnode is reclaimed. Also, these syscalls only mnt_ref() the mp, still allowing it to be unmounted; only struct mount memory is kept from being reused. Lock the vnode when doing name lookup, then reference its mount point, unlock the vnode and vfs_busy the mountpoint. This sequence shall take care of both races. MFC r188141 (by trasz): In some situations, mnt_lockref could go negative due to vfs_unbusy() being called without calling vfs_busy() first. This made umount(8) hang waiting for mnt_lockref to become zero, which would never happen. MFC r196887: In fhopen, vfs_ref() the mount point while vnode is unlocked, to prevent vn_start_write(NULL, &mp) from operating on potentially freed or reused struct mount *. Remove unmatched vfs_rel() in cleanup. Approved by: re (bz)
1 parent d902a89
| File | Mode | Size |
|---|---|---|
| help | ||
| Makefile | -rw-r--r-- | 5.1 KB |
| acpi.c | -rw-r--r-- | 8.7 KB |
| acpidump.h | -rw-r--r-- | 4.8 KB |
| anonFTP.c | -rw-r--r-- | 11.2 KB |
| biosmptable.c | -rw-r--r-- | 6.8 KB |
| cdrom.c | -rw-r--r-- | 6.6 KB |
| command.c | -rw-r--r-- | 5.3 KB |
| config.c | -rw-r--r-- | 30.1 KB |
| devices.c | -rw-r--r-- | 18.8 KB |
| dhcp.c | -rw-r--r-- | 4.2 KB |
| disks.c | -rw-r--r-- | 28.8 KB |
| dispatch.c | -rw-r--r-- | 11.2 KB |
| dist.c | -rw-r--r-- | 23.2 KB |
| dist.h | -rw-r--r-- | 1.7 KB |
| dmenu.c | -rw-r--r-- | 9.1 KB |
| doc.c | -rw-r--r-- | 4.7 KB |
| dos.c | -rw-r--r-- | 2.8 KB |
| floppy.c | -rw-r--r-- | 4.5 KB |
| ftp.c | -rw-r--r-- | 8.0 KB |
| globals.c | -rw-r--r-- | 3.2 KB |
| http.c | -rw-r--r-- | 8.0 KB |
| index.c | -rw-r--r-- | 26.2 KB |
| install.c | -rw-r--r-- | 37.9 KB |
| install.cfg | -rw-r--r-- | 2.4 KB |
| installUpgrade.c | -rw-r--r-- | 19.8 KB |
| keymap.c | -rw-r--r-- | 4.4 KB |
| label.c | -rw-r--r-- | 46.9 KB |
| list.h | -rw-r--r-- | 2.2 KB |
| main.c | -rw-r--r-- | 6.5 KB |
| media.c | -rw-r--r-- | 23.6 KB |
| menus.c | -rw-r--r-- | 107.6 KB |
| misc.c | -rw-r--r-- | 12.6 KB |
| modules.c | -rw-r--r-- | 6.1 KB |
| mouse.c | -rw-r--r-- | 3.5 KB |
| msg.c | -rw-r--r-- | 8.5 KB |
| network.c | -rw-r--r-- | 11.6 KB |
| nfs.c | -rw-r--r-- | 3.1 KB |
| options.c | -rw-r--r-- | 10.1 KB |
| package.c | -rw-r--r-- | 8.0 KB |
| pccard.c | -rw-r--r-- | 9.0 KB |
| rtermcap.c | -rw-r--r-- | 188 bytes |
| sysinstall.8 | -rw-r--r-- | 22.9 KB |
| sysinstall.h | -rw-r--r-- | 33.0 KB |
| system.c | -rw-r--r-- | 12.5 KB |
| tape.c | -rw-r--r-- | 3.9 KB |
| tcpip.c | -rw-r--r-- | 21.0 KB |
| termcap.c | -rw-r--r-- | 3.9 KB |
| ttys.c | -rw-r--r-- | 4.5 KB |
| ufs.c | -rw-r--r-- | 1.9 KB |
| user.c | -rw-r--r-- | 18.2 KB |
| variable.c | -rw-r--r-- | 7.9 KB |
| wizard.c | -rw-r--r-- | 4.2 KB |
Computing file changes ...
