svn commit: r323578 - in head/sys: cddl/compat/opensolaris/kern kern

Thu, 14 Sep 2017 01:48:07 -0700 

Author: avg
Date: Thu Sep 14 08:47:06 2017
New Revision: 323578
URL: https://svnweb.freebsd.org/changeset/base/323578

Log:
  dounmount: do not release the mount point's reference on the covered vnode
  
  As long as mnt_ref is not zero there can be a consumer that might try
  to access mnt_vnodecovered.  For this reason the covered vnode must not
  be freed until mnt_ref goes to zero.
  So, move the release of the covered vnode to vfs_mount_destroy.
  
  Reviewed by:  kib
  MFC after:    3 weeks
  Differential Revision: https://reviews.freebsd.org/D12329

Modified:
  head/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
  head/sys/kern/vfs_mount.c

Modified: head/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
==============================================================================
--- head/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c     Thu Sep 14 
05:48:23 2017        (r323577)
+++ head/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c     Thu Sep 14 
08:47:06 2017        (r323578)
@@ -209,6 +209,7 @@ mount_snapshot(kthread_t *td, vnode_t **vpp, const cha
                vput(vp);
                vfs_unbusy(mp);
                vfs_freeopts(mp->mnt_optnew);
+               mp->mnt_vnodecovered = NULL;
                vfs_mount_destroy(mp);
                return (error);
        }

Modified: head/sys/kern/vfs_mount.c
==============================================================================
--- head/sys/kern/vfs_mount.c   Thu Sep 14 05:48:23 2017        (r323577)
+++ head/sys/kern/vfs_mount.c   Thu Sep 14 08:47:06 2017        (r323578)
@@ -507,6 +507,8 @@ vfs_mount_destroy(struct mount *mp)
        KASSERT(mp->mnt_ref == 0,
            ("%s: invalid refcount in the drain path @ %s:%d", __func__,
            __FILE__, __LINE__));
+       if (mp->mnt_vnodecovered != NULL)
+               vrele(mp->mnt_vnodecovered);
        if (mp->mnt_writeopcount != 0)
                panic("vfs_mount_destroy: nonzero writeopcount");
        if (mp->mnt_secondary_writes != 0)
@@ -819,6 +821,7 @@ vfs_domount_first(
        error = VFS_MOUNT(mp);
        if (error != 0) {
                vfs_unbusy(mp);
+               mp->mnt_vnodecovered = NULL;
                vfs_mount_destroy(mp);
                VI_LOCK(vp);
                vp->v_iflag &= ~VI_MOUNT;
@@ -1426,7 +1429,7 @@ dounmount(struct mount *mp, int flags, struct thread *
        EVENTHANDLER_INVOKE(vfs_unmounted, mp, td);
        if (coveredvp != NULL) {
                coveredvp->v_mountedhere = NULL;
-               vput(coveredvp);
+               VOP_UNLOCK(coveredvp, 0);
        }
        vfs_event_signal(NULL, VQ_UNMOUNT, 0);
        if (mp == rootdevmp)
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "[email protected]"

Reply via email to