Module Name:    src
Committed By:   hannken
Date:           Sat Jan  4 12:36:49 UTC 2014

Modified Files:
        src/sys/fs/tmpfs: tmpfs_vfsops.c

Log Message:
Fix a race where thread1 runs VOP_REMOVE() and gets preempted in
tmpfs_reclaim() before the call to tmpfs_free_node().  Thread2
runs VFS_FHTOVP() and gets a new vnode attached to the node thread1
is about to destroy.

Change tmpfs_fhtovp() to check the generation number after
tmpfs_vnode_get() succeeded.


To generate a diff of this commit:
cvs rdiff -u -r1.55 -r1.56 src/sys/fs/tmpfs/tmpfs_vfsops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/fs/tmpfs/tmpfs_vfsops.c
diff -u src/sys/fs/tmpfs/tmpfs_vfsops.c:1.55 src/sys/fs/tmpfs/tmpfs_vfsops.c:1.56
--- src/sys/fs/tmpfs/tmpfs_vfsops.c:1.55	Sat Nov 23 16:35:32 2013
+++ src/sys/fs/tmpfs/tmpfs_vfsops.c	Sat Jan  4 12:36:49 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: tmpfs_vfsops.c,v 1.55 2013/11/23 16:35:32 rmind Exp $	*/
+/*	$NetBSD: tmpfs_vfsops.c,v 1.56 2014/01/04 12:36:49 hannken Exp $	*/
 
 /*
  * Copyright (c) 2005, 2006, 2007 The NetBSD Foundation, Inc.
@@ -42,7 +42,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tmpfs_vfsops.c,v 1.55 2013/11/23 16:35:32 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tmpfs_vfsops.c,v 1.56 2014/01/04 12:36:49 hannken Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -282,6 +282,7 @@ tmpfs_fhtovp(struct mount *mp, struct fi
 	tmpfs_mount_t *tmp = VFS_TO_TMPFS(mp);
 	tmpfs_node_t *node;
 	tmpfs_fid_t tfh;
+	int error;
 
 	if (fhp->fid_len != sizeof(tmpfs_fid_t)) {
 		return EINVAL;
@@ -290,19 +291,25 @@ tmpfs_fhtovp(struct mount *mp, struct fi
 
 	mutex_enter(&tmp->tm_lock);
 	LIST_FOREACH(node, &tmp->tm_nodes, tn_entries) {
-		if (node->tn_id != tfh.tf_id) {
-			continue;
-		}
-		if (TMPFS_NODE_GEN(node) != tfh.tf_gen) {
-			continue;
+		if (node->tn_id == tfh.tf_id) {
+			mutex_enter(&node->tn_vlock);
+			break;
 		}
-		mutex_enter(&node->tn_vlock);
-		break;
 	}
 	mutex_exit(&tmp->tm_lock);
 
+	if (node == NULL)
+		return ESTALE;
 	/* Will release the tn_vlock. */
-	return node ? tmpfs_vnode_get(mp, node, vpp) : ESTALE;
+	if ((error = tmpfs_vnode_get(mp, node, vpp)) != 0)
+		return error;
+	if (TMPFS_NODE_GEN(node) != tfh.tf_gen) {
+		vput(*vpp);
+		*vpp = NULL;
+		return ESTALE;
+	}
+
+	return 0;
 }
 
 static int
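Review bot: The new `TMPFS_NODE_GEN(node) != tfh.tf_gen` test dereferences `node` after `tmpfs_vnode_get()` has released `tn_vlock`, and nothing in the hunk says why that is safe. Presumably the vnode reference now held in `*vpp` keeps the node from being freed; since that ordering is the whole fix, I would state it above the test, e.g. `/* node is kept alive by the reference in *vpp; recheck the generation now that the vnode is attached */`, so a later cleanup does not move the check back into the list walk. Separately, the loop now breaks on the first `tn_id` match, whereas the old code skipped an entry with the wrong generation and kept searching. If a node being torn down and a newer node with a reused id can both sit on `tm_nodes`, a valid handle could be answered with ESTALE; whether ids can repeat on the list is not visible here and should be confirmed. The start of `tmpfs_fhtovp()`, where `tfh` is copied from the caller-supplied handle, lies outside the hunk.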
