The branch main has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=3e230e0cc4ad822554afaaa07369ca5ccb62054d
commit 3e230e0cc4ad822554afaaa07369ca5ccb62054d Author: Rick Macklem <[email protected]> AuthorDate: 2023-02-11 03:34:57 +0000 Commit: Rick Macklem <[email protected]> CommitDate: 2023-02-11 03:34:57 +0000 nfsd: Fix handling of the error case for nfsvno_open some more Commit ded5f2954e1a defined done_namei to indicate that nd_repstat was set after a successful nfsvno_namei(), so that a cleanup needs to be done in nfsvno_open(). However, it missed the case where a call to nfsrv_opencheck() in nfsvno_open() sets nd_repstat non-zero. This would cause panics due to a dangling locked vnode when nfsrv_opencheck() set nd_repstat, such as during grace just after a server boot. This patch fixes the problem. PR: 268971 --- sys/fs/nfsserver/nfs_nfsdport.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c index 7305ae6a84fe..daa57222fe22 100644 --- a/sys/fs/nfsserver/nfs_nfsdport.c +++ b/sys/fs/nfsserver/nfs_nfsdport.c @@ -1842,10 +1842,19 @@ nfsvno_open(struct nfsrv_descript *nd, struct nameidata *ndp, u_quad_t tempsize; struct nfsexstuff nes; struct thread *p = curthread; + uint32_t oldrepstat; - if (ndp->ni_vp == NULL) + if (ndp->ni_vp == NULL) { + /* + * If nfsrv_opencheck() sets nd_repstat, done_namei needs to be + * set true, since cleanup after nfsvno_namei() is needed. + */ + oldrepstat = nd->nd_repstat; nd->nd_repstat = nfsrv_opencheck(clientid, stateidp, stp, NULL, nd, p, nd->nd_repstat); + if (nd->nd_repstat != 0 && oldrepstat == 0) + done_namei = true; + } if (!nd->nd_repstat) { if (ndp->ni_vp == NULL) { nd->nd_repstat = VOP_CREATE(ndp->ni_dvp,
