Date: Thu, 5 Oct 2017 06:54:25 +0000 (UTC) From: Andriy Gapon <avg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r324293 - in stable/11/sys: cddl/compat/opensolaris/kern kern Message-ID: <201710050654.v956sPQL099690@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: avg Date: Thu Oct 5 06:54:25 2017 New Revision: 324293 URL: https://svnweb.freebsd.org/changeset/base/324293 Log: MFC r323578,r323769: dounmount: do not release the mount point's reference on the covered vnode As long as mnt_ref is not zero there can be a consumer that might try to access mnt_vnodecovered. For this reason the covered vnode must not be freed until mnt_ref goes to zero. So, move the release of the covered vnode to vfs_mount_destroy. Modified: stable/11/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c stable/11/sys/kern/vfs_mount.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c ============================================================================== --- stable/11/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c Thu Oct 5 06:39:57 2017 (r324292) +++ stable/11/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c Thu Oct 5 06:54:25 2017 (r324293) @@ -209,6 +209,7 @@ mount_snapshot(kthread_t *td, vnode_t **vpp, const cha vput(vp); vfs_unbusy(mp); vfs_freeopts(mp->mnt_optnew); + mp->mnt_vnodecovered = NULL; vfs_mount_destroy(mp); return (error); } Modified: stable/11/sys/kern/vfs_mount.c ============================================================================== --- stable/11/sys/kern/vfs_mount.c Thu Oct 5 06:39:57 2017 (r324292) +++ stable/11/sys/kern/vfs_mount.c Thu Oct 5 06:54:25 2017 (r324293) @@ -522,6 +522,8 @@ vfs_mount_destroy(struct mount *mp) if (mp->mnt_lockref != 0) panic("vfs_mount_destroy: nonzero lock refcount"); MNT_IUNLOCK(mp); + if (mp->mnt_vnodecovered != NULL) + vrele(mp->mnt_vnodecovered); #ifdef MAC mac_mount_destroy(mp); #endif @@ -819,6 +821,7 @@ vfs_domount_first( error = VFS_MOUNT(mp); if (error != 0) { vfs_unbusy(mp); + mp->mnt_vnodecovered = NULL; vfs_mount_destroy(mp); VI_LOCK(vp); vp->v_iflag &= ~VI_MOUNT; @@ -1426,7 +1429,7 @@ dounmount(struct mount *mp, int flags, struct thread * EVENTHANDLER_INVOKE(vfs_unmounted, mp, td); if (coveredvp != NULL) { coveredvp->v_mountedhere = NULL; - vput(coveredvp); + VOP_UNLOCK(coveredvp, 0); } vfs_event_signal(NULL, VQ_UNMOUNT, 0); if (mp == rootdevmp)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201710050654.v956sPQL099690>