Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 13 Jul 2016 10:10:05 +0000 (UTC)
From:      Andriy Gapon <avg@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r302746 - in stable/10/sys/cddl: compat/opensolaris/kern contrib/opensolaris/uts/common/fs/zfs
Message-ID:  <201607131010.u6DAA5Bj004328@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: avg
Date: Wed Jul 13 10:10:05 2016
New Revision: 302746
URL: https://svnweb.freebsd.org/changeset/base/302746

Log:
  MFC r299940: fix a vnode reference leak caused by illumos compat traverse()

Modified:
  stable/10/sys/cddl/compat/opensolaris/kern/opensolaris_lookup.c
  stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/cddl/compat/opensolaris/kern/opensolaris_lookup.c
==============================================================================
--- stable/10/sys/cddl/compat/opensolaris/kern/opensolaris_lookup.c	Wed Jul 13 10:06:17 2016	(r302745)
+++ stable/10/sys/cddl/compat/opensolaris/kern/opensolaris_lookup.c	Wed Jul 13 10:10:05 2016	(r302746)
@@ -89,13 +89,14 @@ traverse(vnode_t **cvpp, int lktype)
 		if (vfsp == NULL)
 			break;
 		error = vfs_busy(vfsp, 0);
+
 		/*
 		 * tvp is NULL for *cvpp vnode, which we can't unlock.
-		 * At least some callers expect the reference to be
-		 * maintained to the original *cvpp
 		 */
 		if (tvp != NULL)
 			vput(cvp);
+		else
+			vrele(cvp);
 		if (error)
 			return (error);
 

Modified: stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c
==============================================================================
--- stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c	Wed Jul 13 10:06:17 2016	(r302745)
+++ stable/10/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_ctldir.c	Wed Jul 13 10:10:05 2016	(r302746)
@@ -1044,7 +1044,6 @@ zfsctl_snapdir_lookup(ap)
 		VN_HOLD(*vpp);
 		err = traverse(vpp, LK_EXCLUSIVE | LK_RETRY);
 		if (err != 0) {
-			VN_RELE(*vpp);
 			*vpp = NULL;
 		} else if (*vpp == sep->se_root) {
 			/*
@@ -1675,16 +1674,15 @@ zfsctl_lookup_objset(vfs_t *vfsp, uint64
 		 */
 		error = traverse(&vp, LK_SHARED | LK_RETRY);
 		if (error == 0) {
-			if (vp == sep->se_root)
+			if (vp == sep->se_root) {
+				VN_RELE(vp);	/* release covered vp */
 				error = SET_ERROR(EINVAL);
-			else
+			} else {
 				*zfsvfsp = VTOZ(vp)->z_zfsvfs;
+				VN_URELE(vp);	/* put snapshot's root vp */
+			}
 		}
 		mutex_exit(&sdp->sd_lock);
-		if (error == 0)
-			VN_URELE(vp);
-		else
-			VN_RELE(vp);
 	} else {
 		error = SET_ERROR(EINVAL);
 		mutex_exit(&sdp->sd_lock);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201607131010.u6DAA5Bj004328>