svn commit: r196887 - head/sys/kern
Konstantin Belousov
kib at FreeBSD.org
Sun Sep 6 11:44:47 UTC 2009
Author: kib
Date: Sun Sep 6 11:44:46 2009
New Revision: 196887
URL: http://svn.freebsd.org/changeset/base/196887
Log:
In fhopen, vfs_ref() the mount point while vnode is unlocked, to prevent
vn_start_write(NULL, &mp) from operating on potentially freed or reused
struct mount *.
Remove unmatched vfs_rel() in cleanup.
Noted and reviewed by: tegge
Tested by: pho
MFC after: 3 days
Modified:
head/sys/kern/vfs_syscalls.c
Modified: head/sys/kern/vfs_syscalls.c
==============================================================================
--- head/sys/kern/vfs_syscalls.c Sun Sep 6 10:27:45 2009 (r196886)
+++ head/sys/kern/vfs_syscalls.c Sun Sep 6 11:44:46 2009 (r196887)
@@ -4439,12 +4439,15 @@ fhopen(td, uap)
goto bad;
}
if (fmode & O_TRUNC) {
+ vfs_ref(mp);
VOP_UNLOCK(vp, 0); /* XXX */
if ((error = vn_start_write(NULL, &mp, V_WAIT | PCATCH)) != 0) {
vrele(vp);
+ vfs_rel(mp);
goto out;
}
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); /* XXX */
+ vfs_rel(mp);
#ifdef MAC
/*
* We don't yet have fp->f_cred, so use td->td_ucred, which
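Review bot: both vfs_rel(mp) calls that follow vn_start_write(NULL, &mp, V_WAIT | PCATCH) assume mp still names the mount that vfs_ref(mp) pinned, yet mp is handed to vn_start_write by address. Please confirm that the NULL-vnode form never rewrites *mpp; otherwise the release would drop a reference on a different struct mount than the one taken. A short comment at the vfs_ref(mp) line would also help, saying that the reference keeps the mount from being freed or reused while the vnode is unlocked. Right now that reasoning lives only in the commit log, and the two /* XXX */ markers on VOP_UNLOCK and vn_lock stay unexplained.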
@@ -4516,7 +4519,6 @@ fhopen(td, uap)
VOP_UNLOCK(vp, 0);
fdrop(fp, td);
- vfs_rel(mp);
VFS_UNLOCK_GIANT(vfslocked);
td->td_retval[0] = indx;
return (0);
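Review bot: the vfs_rel(mp) removal here covers only the success path that ends in return (0), while the first hunk's error path now releases its own reference before goto out. The out and bad labels are outside the visible context, so please check that neither still calls vfs_rel(mp); a leftover release there would drop a reference that is no longer held. It would also help to state in the log which reference the removed call was unmatched against, since the pairing cannot be seen from this hunk alone.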