Date: Sat, 23 Jan 2010 19:01:25 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/kern vfs_syscalls.c Message-ID: <201001231901.o0NJ1gM1000124@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
kib 2010-01-23 19:01:25 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_7)
sys/kern vfs_syscalls.c
Log:
SVN rev 202895 on 2010-01-23 19:01:25Z by kib
MFC r186277:
The quotactl, statfs and fstatfs syscall implementations may dereference
NULL pointer to struct mount if the looked up vnode is reclaimed. Also,
these syscalls only mnt_ref() the mp, still allowing it to be unmounted;
only struct mount memory is kept from being reused.
Lock the vnode when doing name lookup, then reference its mount point,
unlock the vnode and vfs_busy the mountpoint. This sequence shall take
care of both races.
MFC r188141 (by trasz):
In some situations, mnt_lockref could go negative due to vfs_unbusy() being
called without calling vfs_busy() first. This made umount(8) hang waiting
for mnt_lockref to become zero, which would never happen.
MFC r196887:
In fhopen, vfs_ref() the mount point while vnode is unlocked, to prevent
vn_start_write(NULL, &mp) from operating on potentially freed or reused
struct mount *.
Remove unmatched vfs_rel() in cleanup.
Approved by: re (bz)
Revision Changes Path
1.443.2.12 +24 -8 src/sys/kern/vfs_syscalls.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201001231901.o0NJ1gM1000124>