swh:1:snp:2ca5d6eff8f04a671c0d5b13646cede522c64b7d
Revision 68e23840d424b9ee403f09dcbdc106327d385ece authored by Konstantin Belousov on 23 January 2010, 19:01:25 UTC, committed by Konstantin Belousov on 23 January 2010, 19:01:25 UTC
The quotactl, statfs and fstatfs syscall implementations may dereference
a NULL pointer to struct mount if the looked up vnode is reclaimed. Also,
these syscalls only mnt_ref() the mp, still allowing it to be unmounted;
only struct mount memory is kept from being reused.

Lock the vnode when doing name lookup, then reference its mount point,
unlock the vnode and vfs_busy the mountpoint. This sequence shall take
care of both races.

MFC r188141 (by trasz):
In some situations, mnt_lockref could go negative due to vfs_unbusy() being
called without calling vfs_busy() first.  This made umount(8) hang waiting
for mnt_lockref to become zero, which would never happen.

MFC r196887:
In fhopen, vfs_ref() the mount point while vnode is unlocked, to prevent
vn_start_write(NULL, &mp) from operating on potentially freed or reused
struct mount *.

Remove unmatched vfs_rel() in cleanup.

Approved by:	re (bz)
1 parent d902a89
History
Tip revision: 69f28986ad97c1e3d55279d696d1884c963f530e authored by Ken Thompson on 30 June 1970, 10:00:00 UTC
Research PDP7 development
File Mode Size
bin
cddl
contrib
crypto
etc
games
gnu
include
kerberos5
lib
libexec
release
rescue
sbin
secure
share
sys
tools
usr.bin
usr.sbin
ALU-USA-statement.pdf -rw-r--r-- 38.0 KB
COPYRIGHT -rw-r--r-- 6.0 KB
Caldera-license.pdf -rw-r--r-- 12.0 KB
LICENSE -rw-r--r-- 14.8 KB
LOCKS -rw-r--r-- 354 bytes
MAINTAINERS -rw-r--r-- 6.7 KB
Makefile -rw-r--r-- 11.7 KB
Makefile.inc1 -rw-r--r-- 38.2 KB
ObsoleteFiles.inc -rw-r--r-- 190.4 KB
README -rw-r--r-- 3.0 KB
README.md -rw-r--r-- 16.2 KB
UPDATING -rw-r--r-- 43.4 KB