Date: Fri, 22 Jan 2016 20:30:51 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r294595 - head/sys/fs/devfs Message-ID: <201601222030.u0MKUpAH011500@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Fri Jan 22 20:30:51 2016 New Revision: 294595 URL: https://svnweb.freebsd.org/changeset/base/294595 Log: When devfs dirent is freed, a vnode might still keep a pointer to it, apparently. Interlock and clear the pointer to avoid free memory dereference. Submitted by: bde (previous version) MFC after: 3 weeks Modified: head/sys/fs/devfs/devfs_devs.c Modified: head/sys/fs/devfs/devfs_devs.c ============================================================================== --- head/sys/fs/devfs/devfs_devs.c Fri Jan 22 20:28:24 2016 (r294594) +++ head/sys/fs/devfs/devfs_devs.c Fri Jan 22 20:30:51 2016 (r294595) @@ -304,6 +304,13 @@ devfs_vmkdir(struct devfs_mount *dmp, ch void devfs_dirent_free(struct devfs_dirent *de) { + struct vnode *vp; + + vp = de->de_vnode; + mtx_lock(&devfs_de_interlock); + if (vp != NULL && vp->v_data == de) + vp->v_data = NULL; + mtx_unlock(&devfs_de_interlock); free(de, M_DEVFS3); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601222030.u0MKUpAH011500>