From nobody Thu Oct 16 15:31:28 2025
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cnX403G5pz6Cg7y;
	Thu, 16 Oct 2025 15:31:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4cnX402bJYz3PwV;
	Thu, 16 Oct 2025 15:31:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1760628688;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=PaaMjcjiTNu0L+DzsSNFUENO8p7Sf7eOicGwl4V+tmQ=;
	b=uQCgUr5yzevLa1HNzY4RQMGLt5twK6vU58es2BXEEnedQOVcdknAjpVT/mU6t1CjsFNkPF
	6FCnu27C+NX9NrNLF7M/oyESjrGqb3Xv4dJzpe7fMw+IBFFDqTTzfrkGMKfm4nRrOP3H1U
	3NVEwRMly5WDmrilJOYwAMoVzJfwaztQvxSNgIJvQXiASjzPf977vah5kPRN+wGOXM2Z+Q
	gpmp8oMSztLZbk91Q+Sh3XAG5f3IPaB4AnxCYlU45hQgJScuP92G/2U1mXl4r/QvdMcNH7
	1AOlo1cWLVWYIYjEhUEh3csFZ6QleBhUMefd8kNiz1zFVZ3Nc981QByY1Vbh3Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1760628688;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=PaaMjcjiTNu0L+DzsSNFUENO8p7Sf7eOicGwl4V+tmQ=;
	b=S+WLLTkrnj/CiuoFBobxlhKYO1jYpzf5wH8aVTgId1r5Wfmc0kYW4/8QfaEVHLkhhzS9jX
	rKXziUz6RlkmLOm6pc5rEsEU3xXqY2bsG/9pAFC9bUoTdbCLHdGAKKD/vcMUxg51apqea6
	grZJMI4J+mT1FjcHP/9vYvkAwuRoMNJQN+SnFDz2ulbIu2WKGeCVHJdcd7tU9/kKGmmI87
	G/XHNoY2lHhSPRHKg7SnB2XE5mz9nezcTxGsGOXBUtogk/DoJnx4xOjuXae5bTdzaj8oi5
	DJzn+Es/gtqNYHWA3Po2eyg6dBqpsk1b+pZUxsStkxuB+UIvXkPThBfu6+Zyng==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1760628688; a=rsa-sha256; cv=none;
	b=Ie51/BoRs3O/7ElVibSIXz9nvPqxMDaMpY8F04R00jbqnChzz4TXXhOQne+jzc1vk9M5o2
	gh+L3nJJLVm/P1qPfpNbx4CMynqAuHX01CE3vXpreGiYAAzp0ylfb1xePUQ0HzGIvN0BZf
	+Ru7bvn5MFCv4ZZli8YjQo3kZJIRkmi1vVAzX/2RnrH9U/iwnXvub8OFpZ4DdPpKs+1v9b
	t8VE108ynWqgD3sABwuIJdHs4dMHMjwBKEa60d+p28VTEbtcaAeXO9WeyVAsaDo/vTyov4
	U5QgLaRAZmK7nboGqagAbjHFY+TJ6tthQI8365TXylUzYdUyJrQ5u97ta7YmoA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cnX4028S0z1SGK;
	Thu, 16 Oct 2025 15:31:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 59GFVSJN000902;
	Thu, 16 Oct 2025 15:31:28 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 59GFVSP2000899;
	Thu, 16 Oct 2025 15:31:28 GMT
	(envelope-from git)
Date: Thu, 16 Oct 2025 15:31:28 GMT
Message-Id: <202510161531.59GFVSP2000899@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: "Jason A. Harmening" <jah@FreeBSD.org>
Subject: git: a498c5e1a111 - main - unionfs: avoid vdrop()ing a
  locked but doomed vnode
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jah
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: a498c5e1a111ae8c48b8e7028daff861785c2bf2
Auto-Submitted: auto-generated

The branch main has been updated by jah:

URL: https://cgit.FreeBSD.org/src/commit/?id=a498c5e1a111ae8c48b8e7028daff861785c2bf2

commit a498c5e1a111ae8c48b8e7028daff861785c2bf2
Author:     Jason A. Harmening <jah@FreeBSD.org>
AuthorDate: 2025-10-14 19:40:39 +0000
Commit:     Jason A. Harmening <jah@FreeBSD.org>
CommitDate: 2025-10-16 15:30:34 +0000

    unionfs: avoid vdrop()ing a locked but doomed vnode
    
    unionfs_lock() unconditionally calls vdrop() on the target vnode
    after locking it, but it's possible this vnode may be doomed.
    In that case, vdrop() may free the vnode, which in certain cases
    requires taking the vnode lock.  Commit a7aac8c20497d added an
    assert to this effect, which unionfs_lock() now trips over.
    
    Fix this by lightly reworking the flow of unionfs_lock() so that
    the target vnode is vdrop()ed after being unlocked in the case
    where the unionfs lock operation needs to be restarted (which
    will happen if the unionfs vnode has been doomed, which is a
    prerequisite for the target vnode in the underlying filesystem
    to have been doomed).
    
    While here, get rid of a superfluous vhold/vdrop sequence in
    unionfs_unlock() that was probably inherited from nullfs and whose
    nullfs equivalent was recently removed.
    
    MFC after:      1 week
    Reviewed by:    kib, markj, olce
    Tested by:      pho
    Differential Revision: https://reviews.freebsd.org/D53107
---
 sys/fs/unionfs/union_vnops.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/sys/fs/unionfs/union_vnops.c b/sys/fs/unionfs/union_vnops.c
index 26fa14603c85..66fee97a07d5 100644
--- a/sys/fs/unionfs/union_vnops.c
+++ b/sys/fs/unionfs/union_vnops.c
@@ -2208,7 +2208,6 @@ unionfs_lock_restart:
 	vholdnz(tvp);
 	VI_UNLOCK(vp);
 	error = VOP_LOCK(tvp, flags);
-	vdrop(tvp);
 	if (error == 0 && (lvp_locked || VTOUNIONFS(vp) == NULL)) {
 		/*
 		 * After dropping the interlock above, there exists a window
@@ -2234,6 +2233,7 @@ unionfs_lock_restart:
 		unp = VTOUNIONFS(vp);
 		if (unp == NULL || unp->un_uppervp != NULL) {
 			VOP_UNLOCK(tvp);
+			vdrop(tvp);
 			/*
 			 * If we previously held the lock, the upgrade may
 			 * have temporarily dropped the lock, in which case
@@ -2249,6 +2249,7 @@ unionfs_lock_restart:
 			goto unionfs_lock_restart;
 		}
 	}
+	vdrop(tvp);
 
 	return (error);
 }
@@ -2259,7 +2260,6 @@ unionfs_unlock(struct vop_unlock_args *ap)
 	struct vnode   *vp;
 	struct vnode   *tvp;
 	struct unionfs_node *unp;
-	int		error;
 
 	KASSERT_UNIONFS_VNODE(ap->a_vp);
 
@@ -2271,11 +2271,7 @@ unionfs_unlock(struct vop_unlock_args *ap)
 
 	tvp = (unp->un_uppervp != NULL ? unp->un_uppervp : unp->un_lowervp);
 
-	vholdnz(tvp);
-	error = VOP_UNLOCK(tvp);
-	vdrop(tvp);
-
-	return (error);
+	return (VOP_UNLOCK(tvp));
 }
 
 static int