Date: Sun, 6 Sep 2009 11:44:46 +0000 (UTC)
From: Konstantin Belousov <kib@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r196887 - head/sys/kern
Message-ID: <200909061144.n86BikcZ082916@svn.freebsd.org>
Author: kib Date: Sun Sep 6 11:44:46 2009 New Revision: 196887 URL: http://svn.freebsd.org/changeset/base/196887 Log: In fhopen, vfs_ref() the mount point while vnode is unlocked, to prevent vn_start_write(NULL, &mp) from operating on potentially freed or reused struct mount *. Remove unmatched vfs_rel() in cleanup. Noted and reviewed by: tegge Tested by: pho MFC after: 3 days Modified: head/sys/kern/vfs_syscalls.c Modified: head/sys/kern/vfs_syscalls.c ============================================================================== --- head/sys/kern/vfs_syscalls.c Sun Sep 6 10:27:45 2009 (r196886) +++ head/sys/kern/vfs_syscalls.c Sun Sep 6 11:44:46 2009 (r196887) @@ -4439,12 +4439,15 @@ fhopen(td, uap) goto bad; } if (fmode & O_TRUNC) { + vfs_ref(mp); VOP_UNLOCK(vp, 0); /* XXX */ if ((error = vn_start_write(NULL, &mp, V_WAIT | PCATCH)) != 0) { vrele(vp); + vfs_rel(mp); goto out; } vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); /* XXX */ + vfs_rel(mp); #ifdef MAC /* * We don't yet have fp->f_cred, so use td->td_ucred, which @@ -4516,7 +4519,6 @@ fhopen(td, uap) VOP_UNLOCK(vp, 0); fdrop(fp, td); - vfs_rel(mp); VFS_UNLOCK_GIANT(vfslocked); td->td_retval[0] = indx; return (0);
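Review bot: In the first hunk (@@ -4439), the new vfs_ref(mp) / vfs_rel(mp) pair around the VOP_UNLOCK ... vn_lock window has no comment saying what it protects; the surrounding lines carry only /* XXX */. A one-line comment above vfs_ref(mp) stating that the reference keeps struct mount alive while vp is unlocked would stop a later cleanup from removing it as redundant. Note also that mp is passed by address to vn_start_write(NULL, &mp, ...), so both vfs_rel(mp) calls that follow rely on the callee leaving the pointer unchanged; if that is guaranteed when the first argument is NULL, say so in the same comment.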
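Review bot: In the second hunk (@@ -4516), dropping vfs_rel(mp) before VFS_UNLOCK_GIANT on the success path is balanced only if nothing outside the O_TRUNC block takes a reference on mp, since the reference added in the first hunk is now released inside that block on both its error and success branches. The first hunk shows exits through goto bad and goto out, and neither label is in the diff context, so please confirm those paths carry no remaining vfs_rel(mp) that would now underflow the mount reference count.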