On Sun, Jun 26, 2016 at 12:37:57PM -0700, Philip Guenther wrote:
> On Sun, Jun 26, 2016 at 9:09 AM, Sebastien Marie <[email protected]> wrote:
> > In the following code, namei() call is done in doutimensat(), and
> > nd.ni_vp is passed to dovutimens() as vp.
> >
> > In the same way, in dofutimens() the vp (from getvnode) is vref() before
> > calling dovutimens().
> >
> > So I think we should call vput() before returning any error.
>
> Nice catch. I think the fix isn't right, however: vput() is for use
> on locked vnodes, but the vn_lock() call is after these checks. The
> vnode is only vref()ed here so it just needs a vrele().
>
Here is a new diff to use vrele() instead of vput() (via goto).
OK?
--
Sebastien Marie
Index: kern/vfs_syscalls.c
===================================================================
RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.258
diff -u -p -r1.258 vfs_syscalls.c
--- kern/vfs_syscalls.c 27 Jun 2016 04:14:38 -0000 1.258
+++ kern/vfs_syscalls.c 27 Jun 2016 04:16:35 -0000
@@ -2332,13 +2332,17 @@ dovutimens(struct proc *p, struct vnode
}
if (ts[0].tv_nsec != UTIME_OMIT) {
- if (ts[0].tv_nsec < 0 || ts[0].tv_nsec >= 1000000000)
+ if (ts[0].tv_nsec < 0 || ts[0].tv_nsec >= 1000000000) {
+ vrele(vp);
return (EINVAL);
+ }
vattr.va_atime = ts[0];
}
if (ts[1].tv_nsec != UTIME_OMIT) {
- if (ts[1].tv_nsec < 0 || ts[1].tv_nsec >= 1000000000)
+ if (ts[1].tv_nsec < 0 || ts[1].tv_nsec >= 1000000000) {
+ vrele(vp);
return (EINVAL);
+ }
vattr.va_mtime = ts[1];
}
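Review bot: the ts[0] and ts[1] EINVAL branches each carry their own vrele(vp) before the return, and that duplicated cleanup is easy to miss when another early return is added ahead of vn_lock(). Consider validating both tv_nsec values up front and releasing in one place, or routing both failures through a single error label that does the vrele(vp) and returns EINVAL. Since doutimensat() and dofutimens() both hand in a referenced vnode, a short comment at the top of dovutimens() stating that it consumes the caller's reference on every path, including these error returns, would document the contract this fix depends on. The leading context of the hunk closes an earlier block that is not shown, so it is worth confirming that any return inside that block also releases vp.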