Author: kib
Date: Sun Sep  6 11:44:46 2009
New Revision: 196887
URL: http://svn.freebsd.org/changeset/base/196887

Log:
  In fhopen, vfs_ref() the mount point while the vnode is unlocked, to prevent
  vn_start_write(NULL, &mp) from operating on a potentially freed or reused
  struct mount *.
  
  Remove unmatched vfs_rel() in cleanup.
  
  Noted and reviewed by:        tegge
  Tested by:    pho
  MFC after:    3 days

Modified:
  head/sys/kern/vfs_syscalls.c

Modified: head/sys/kern/vfs_syscalls.c
==============================================================================
--- head/sys/kern/vfs_syscalls.c        Sun Sep  6 10:27:45 2009        
(r196886)
+++ head/sys/kern/vfs_syscalls.c        Sun Sep  6 11:44:46 2009        
(r196887)
@@ -4439,12 +4439,15 @@ fhopen(td, uap)
                        goto bad;
        }
        if (fmode & O_TRUNC) {
+               vfs_ref(mp);
                VOP_UNLOCK(vp, 0);                              /* XXX */
                if ((error = vn_start_write(NULL, &mp, V_WAIT | PCATCH)) != 0) {
                        vrele(vp);
+                       vfs_rel(mp);
                        goto out;
                }
                vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);   /* XXX */
+               vfs_rel(mp);
 #ifdef MAC
                /*
                 * We don't yet have fp->f_cred, so use td->td_ucred, which
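Review bot: The vfs_ref()/vfs_rel() pair now brackets the unlocked window, but the two `/* XXX */` markers on VOP_UNLOCK and vn_lock are still unexplained, and the reference does nothing for the vnode itself: if vp can be reclaimed while it is unlocked, the truncation that follows the re-lock proceeds on a doomed vnode. I would add a comment at the vfs_ref() line, `/* Hold mp across the unlocked window; vn_start_write(NULL, &mp) dereferences it. */`, and consider checking `vp->v_iflag & VI_DOOMED` after vn_lock() and taking the failure path (with vn_finished_write) when it is set, if that is not already handled further down. The vfs_rel(mp) after vn_lock() is fine as written, since vn_start_write(NULL, &mp) takes its own mount reference on success. fhopen's body begins before and continues after this hunk, so the success-path vn_finished_write() pairing is not visible here.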
@@ -4516,7 +4519,6 @@ fhopen(td, uap)
 
        VOP_UNLOCK(vp, 0);
        fdrop(fp, td);
-       vfs_rel(mp);
        VFS_UNLOCK_GIANT(vfslocked);
        td->td_retval[0] = indx;
        return (0);