From nobody Tue Nov 11 14:59:08 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4d5V6h3QcVz6GYCs; Tue, 11 Nov 2025 14:59:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4d5V6h2tSZz3M2l; Tue, 11 Nov 2025 14:59:08 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1762873148; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=lu9wdZfTlTAxZ+z3YhPNs2oNJ8gvFF1dyEq0A5FE48k=; b=WFssp/ASGNue2ZE0DfkkgZczAwqhsPZB0ZzGFBqZBn2Kif6bmi85IQh4xEoV/kh66Lz6dT bDgg4BZbzCQqxp53gXgTExc0GsSpaUL9x/ELD+9mQXgxoMHIfiQQo1QJbvDk+ldVCDS/A0 M/IafywTYWwU8/Gl4Ky69ZAC+KRj+RU5m6qogJRno67yqMlXSr3ZicyZ/qbVkcC+2vP+Lo r8xRGldmyjw/P7W1S1PGj8eUPJYumZfoc88EXR2zcTEWpS8Z0AqVyo230Rp5flfBVpGFfW iMDCvNc2YnNlEeTCvB2pVzz+OHIxUhqAAcvnWJX4Jq7HH6fvVgtsGNP8v2CAYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1762873148; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=lu9wdZfTlTAxZ+z3YhPNs2oNJ8gvFF1dyEq0A5FE48k=; b=AUteuj+Q/RZaKjjAcRH/ySDWqzuKgOt2wxC6d+jQA1A2It/N0HWJxDeWqV/Yidr2qw2XYp PZrUaqOSXpLkUZTWfqK8iJpWEAPoCBpoXcWM579lX2mkREWXyOZ4lPcIPmSj1GVO4kbnGt /6st8x71Snno6BhWD1lL9zH1I5H7TepBJnkolHDA8LUT0rMqxCUBvG1TgRQqpT9IxNMLth mIDIy+ixk3+Nm0sLqWSoali5ZJCvele22w4CzatntW6igus3FmQoBV/ivSP5fEdvWh0gFT GZTgEuMEjHNbU7YOOhA4mHd2+MPcLqBwOOk29IaaCNUCfJMYAZc0SAc+p+5tfg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1762873148; a=rsa-sha256; cv=none; b=wfXuGZKUXu/J4QGvtxa7RaxCJIZgdTvHzXB9hlnMSrq/Jh2dCrxzK/1I4M+rSmBjhWgyWM p5CcGsnugQPl+6VZB0Pv1clhL16+2NNLw4f63PcXQbk3AaQXhNiFA4PqYND5Cs8dr5pMH3 uNpdSXxgxiITPZ+gQzwZcAea3xH5tkRd+i4g6qJiQjVYJ9cxu2cpjfq/y8k28omOxhRJv3 gUIeN+H9ZQ4Etkf0SZ5AXA1UcWE8HJc1RvFSDCNbMptyNlSEqMi3LqBvDeajgSzJzbidsW hu4SHKkqVkUU5FmWFLi0xV7tL+v0hWQLf2VQB9SColRSHIROhAWydcJNRF4cmg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4d5V6h29QRz17xH; Tue, 11 Nov 2025 14:59:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5ABEx8E6056217; Tue, 11 Nov 2025 14:59:08 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5ABEx8Co056214; Tue, 11 Nov 2025 14:59:08 GMT (envelope-from git) Date: Tue, 11 Nov 2025 14:59:08 GMT Message-Id: <202511111459.5ABEx8Co056214@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: 99cb3dca4773 - main - vnode: Rework vput() to avoid holding the vnode lock after decrementing List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 99cb3dca4773fe4a16c500f9cb55fcd62cd8d7f3 Auto-Submitted: auto-generated The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=99cb3dca4773fe4a16c500f9cb55fcd62cd8d7f3 commit 99cb3dca4773fe4a16c500f9cb55fcd62cd8d7f3 Author: Mark Johnston AuthorDate: 2025-11-11 14:47:06 +0000 Commit: Mark Johnston CommitDate: 2025-11-11 14:58:59 +0000 vnode: Rework vput() to avoid holding the vnode lock after decrementing It is not safe to modify the vnode structure after releasing one's reference. Modify vput() to avoid this. Use refcount_release_if_last() to opportunistically call vput_final() with the vnode lock held since we need the vnode lock in order to deactivate the vnode, and it's silly to drop the vnode lock and immediately reacquire it in this common case. Note that vunref() has a similar flaw. D52628 aims to fix the problem more holistically, but this change fixes observable panics in the meantime. Reported by: syzbot+6676b3ff282d590b0fb3@syzkaller.appspotmail.com Reported by: syzbot+38e26cf6f959e886f110@syzkaller.appspotmail.com Reviewed by: kib MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52608 --- sys/kern/vfs_subr.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index 58975f7ac932..9cf983f6f89d 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -3713,11 +3713,12 @@ vput(struct vnode *vp) ASSERT_VOP_LOCKED(vp, __func__); ASSERT_VI_UNLOCKED(vp, __func__); - if (!refcount_release(&vp->v_usecount)) { - VOP_UNLOCK(vp); + if (refcount_release_if_last(&vp->v_usecount)) { + vput_final(vp, VPUT); return; } - vput_final(vp, VPUT); + VOP_UNLOCK(vp); + vrele(vp); } /*