Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 14 Sep 2017 08:47:06 +0000 (UTC)
From:      Andriy Gapon <avg@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r323578 - in head/sys: cddl/compat/opensolaris/kern kern
Message-ID:  <201709140847.v8E8l6GN006794@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: avg
Date: Thu Sep 14 08:47:06 2017
New Revision: 323578
URL: https://svnweb.freebsd.org/changeset/base/323578

Log:
  dounmount: do not release the mount point's reference on the covered vnode
  
  As long as mnt_ref is not zero there can be a consumer that might try
  to access mnt_vnodecovered.  For this reason the covered vnode must not
  be freed until mnt_ref goes to zero.
  So, move the release of the covered vnode to vfs_mount_destroy.
  
  Reviewed by:	kib
  MFC after:	3 weeks
  Differential Revision: https://reviews.freebsd.org/D12329

Modified:
  head/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
  head/sys/kern/vfs_mount.c

Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
==============================================================================
--- head/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c	Thu Sep 14 05:48:23 2017	(r323577)
+++ head/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c	Thu Sep 14 08:47:06 2017	(r323578)
@@ -209,6 +209,7 @@ mount_snapshot(kthread_t *td, vnode_t **vpp, const cha
 		vput(vp);
 		vfs_unbusy(mp);
 		vfs_freeopts(mp->mnt_optnew);
+		mp->mnt_vnodecovered = NULL;
 		vfs_mount_destroy(mp);
 		return (error);
 	}

Modified: head/sys/kern/vfs_mount.c
==============================================================================
--- head/sys/kern/vfs_mount.c	Thu Sep 14 05:48:23 2017	(r323577)
+++ head/sys/kern/vfs_mount.c	Thu Sep 14 08:47:06 2017	(r323578)
@@ -507,6 +507,8 @@ vfs_mount_destroy(struct mount *mp)
 	KASSERT(mp->mnt_ref == 0,
 	    ("%s: invalid refcount in the drain path @ %s:%d", __func__,
 	    __FILE__, __LINE__));
+	if (mp->mnt_vnodecovered != NULL)
+		vrele(mp->mnt_vnodecovered);
 	if (mp->mnt_writeopcount != 0)
 		panic("vfs_mount_destroy: nonzero writeopcount");
 	if (mp->mnt_secondary_writes != 0)
@@ -819,6 +821,7 @@ vfs_domount_first(
 	error = VFS_MOUNT(mp);
 	if (error != 0) {
 		vfs_unbusy(mp);
+		mp->mnt_vnodecovered = NULL;
 		vfs_mount_destroy(mp);
 		VI_LOCK(vp);
 		vp->v_iflag &= ~VI_MOUNT;
@@ -1426,7 +1429,7 @@ dounmount(struct mount *mp, int flags, struct thread *
 	EVENTHANDLER_INVOKE(vfs_unmounted, mp, td);
 	if (coveredvp != NULL) {
 		coveredvp->v_mountedhere = NULL;
-		vput(coveredvp);
+		VOP_UNLOCK(coveredvp, 0);
 	}
 	vfs_event_signal(NULL, VQ_UNMOUNT, 0);
 	if (mp == rootdevmp)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201709140847.v8E8l6GN006794>