Author: avg
Date: Thu Oct  5 07:16:31 2017
New Revision: 324295
URL: https://svnweb.freebsd.org/changeset/base/324295

Log:
  MFC r323578,r323769: dounmount: do not release the mount point's reference
  on the covered vnode
  
  As long as mnt_ref is not zero there can be a consumer that might try
  to access mnt_vnodecovered.  For this reason the covered vnode must not
  be freed until mnt_ref goes to zero.
  So, move the release of the covered vnode to vfs_mount_destroy.

Modified:
  stable/10/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
  stable/10/sys/kern/vfs_mount.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
==============================================================================
--- stable/10/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c        Thu Oct 
 5 07:10:28 2017        (r324294)
+++ stable/10/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c        Thu Oct 
 5 07:16:31 2017        (r324295)
@@ -209,6 +209,7 @@ mount_snapshot(kthread_t *td, vnode_t **vpp, const cha
                vput(vp);
                vfs_unbusy(mp);
                vfs_freeopts(mp->mnt_optnew);
+               mp->mnt_vnodecovered = NULL;
                vfs_mount_destroy(mp);
                return (error);
        }
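Review bot: The added `mp->mnt_vnodecovered = NULL;` before `vfs_mount_destroy(mp)` carries no comment saying why the field is cleared, and the same bare assignment is added to the `vfs_domount_first` error path in vfs_mount.c. Going by the commit log, vfs_mount_destroy now releases the covered vnode, so this assignment is what keeps the error path from dropping the reference a second time after `vput(vp)`. I would add `/* vp already released by vput() above; keep vfs_mount_destroy() from vrele()ing it again */` here. In vfs_domount_first the matching comment should say the caller still holds and later releases its own reference on vp. That vp is the vnode stored in mnt_vnodecovered is inferred, since the assignment lies outside both hunks.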

Modified: stable/10/sys/kern/vfs_mount.c
==============================================================================
--- stable/10/sys/kern/vfs_mount.c      Thu Oct  5 07:10:28 2017        
(r324294)
+++ stable/10/sys/kern/vfs_mount.c      Thu Oct  5 07:16:31 2017        
(r324295)
@@ -521,6 +521,8 @@ vfs_mount_destroy(struct mount *mp)
        if (mp->mnt_lockref != 0)
                panic("vfs_mount_destroy: nonzero lock refcount");
        MNT_IUNLOCK(mp);
+       if (mp->mnt_vnodecovered != NULL)
+               vrele(mp->mnt_vnodecovered);
 #ifdef MAC
        mac_mount_destroy(mp);
 #endif
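Review bot: The added `vrele(mp->mnt_vnodecovered)` makes a non-NULL mnt_vnodecovered mean "the mount owns one reference on this vnode", but nothing at the check states that contract. A failure path that releases the vnode itself and reaches vfs_mount_destroy without clearing the field would drop the reference twice, which on a vnode risks a use-after-free. I would put a comment above the `if`: `/* A non-NULL mnt_vnodecovered holds a reference owned by the mount; callers that already released it must clear the field first. */`. The function starts and ends outside the hunk, so whether callers other than the two patched in this commit need the same treatment cannot be checked from here.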
@@ -818,6 +820,7 @@ vfs_domount_first(
        error = VFS_MOUNT(mp);
        if (error != 0) {
                vfs_unbusy(mp);
+               mp->mnt_vnodecovered = NULL;
                vfs_mount_destroy(mp);
                VI_LOCK(vp);
                vp->v_iflag &= ~VI_MOUNT;
@@ -1379,7 +1382,7 @@ dounmount(struct mount *mp, int flags, struct thread *
        EVENTHANDLER_INVOKE(vfs_unmounted, mp, td);
        if (coveredvp != NULL) {
                coveredvp->v_mountedhere = NULL;
-               vput(coveredvp);
+               VOP_UNLOCK(coveredvp, 0);
        }
        vfs_event_signal(NULL, VQ_UNMOUNT, 0);
        if (mp == rootdevmp)
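Review bot: `VOP_UNLOCK(coveredvp, 0)` replaces `vput(coveredvp)` without a comment, so a later reader sees a lock dropped with no matching release and may be tempted to restore the vput. Per the commit log the reference is kept on purpose until mnt_ref reaches zero and is released in vfs_mount_destroy. A short comment above the unlock would record that: `/* Only unlock; the reference is dropped in vfs_mount_destroy() once mnt_ref is zero. */`. dounmount's body extends beyond the hunk on both sides.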