Date: Mon, 29 Dec 2008 12:07:18 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/fs/pseudofs pseudofs_vncache.c Message-ID: <200812291207.mBTC7PYG050088@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
kib 2008-12-29 12:07:18 UTC
FreeBSD src repository
Modified files:
sys/fs/pseudofs pseudofs_vncache.c
Log:
SVN rev 186560 on 2008-12-29 12:07:18Z by kib
After the pfs_vncache_mutex is dropped, another thread may attempt to
do pfs_vncache_alloc() for the same pfs_node and pid. In this case, we
could end up with two vnodes for the pair. Recheck the cache under the
locked pfs_vncache_mutex after all sleeping operations are done [1].
This case mostly cannot happen now because pseudofs uses exclusive vnode
locking for lookup. But it does drop the vnode lock for dotdot lookups,
and Marcus' pseudofs_vptocnp implementation is vulnerable too.
Do not call free() on the struct pfs_vdata after insmntque() failure,
because vp->v_data points to the structure, and pseudofs_reclaim()
frees it by the call to pfs_vncache_free().
Tested by: pho [1]
Approved by: des
MFC after: 2 weeks
Revision Changes Path
1.43 +26 -13 src/sys/fs/pseudofs/pseudofs_vncache.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812291207.mBTC7PYG050088>