cvs commit: src/sys/ufs/ufs ufs_lookup.c

Don Lewis truckman at FreeBSD.org
Wed Oct 19 13:31:46 PDT 2005


truckman    2005-10-19 20:31:46 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_6_0)
    sys/ufs/ufs          ufs_lookup.c 
  Log:
  MFC ufs_lookup.c 1.78 and 1.79.
  
  Original commit messages:
    Modified files:
      sys/ufs/ufs          ufs_lookup.c
    Log:
    Close a race in the ufs_lookup() code that handles the ISDOTDOT
    case by saving the value of dp->i_ino before unlocking the vnode
    for the current directory and passing the saved value to VFS_VGET().
  
    Without this change, another thread can overwrite dp->i_ino after
    the current directory is unlocked, causing  ufs_lookup() to lock
    and return the wrong vnode in place of the vnode for its parent
    directory.  A deadlock can occur if dp->i_ino was changed to a
    subdirectory of the current directory because the root to leaf vnode
    lock ordering will be violated.  A vnode lock can be leaked if
    dp->i_ino was changed to point to the current directory, which
    causes the current vnode lock for the current directory to be
    recursed, which confuses lookup() into calling vrele() when it
    should be calling vput().
  
    The probability of this bug being triggered seems to be quite low
    unless the sysctl variable debug.vfscache is set to 0.
  
    Reviewed by:    jhb
    MFC after:      2 weeks
  
    Revision  Changes    Path
    1.78      +3 -1      src/sys/ufs/ufs/ufs_lookup.c
  
    Modified files:
      sys/ufs/ufs          ufs_lookup.c
    Log:
    Correct the type of the temporary variable used by ufs_lookup.c:1.78
    to fix the race condition in the ufs_lookup() ISDOTDOT code.
  
    Noticed by:     bde
    MFC after:      12 days
  
    Revision  Changes    Path
    1.79      +1 -1      src/sys/ufs/ufs/ufs_lookup.c
  
  Approved by:    re (scottl)
  
  Revision  Changes    Path
  1.77.4.1  +3 -1      src/sys/ufs/ufs/ufs_lookup.c


More information about the cvs-all mailing list