Hi,
When looping over mount points, the FOREACH SAVE macro is not save.
The loop variable mp is protected by vfs_busy() so that it cannot
be unmounted. But the next mount point nmp could be unmounted while
VFS_SYNC() sleeps. As the loop in vfs_stall() does not destroy the
mount point, TAILQ_FOREACH_REVERSE without _SAVE is the correct
macro to use.
ok?
bluhm
Index: kern/vfs_subr.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/kern/vfs_subr.c,v
retrieving revision 1.270
diff -u -p -r1.270 vfs_subr.c
--- kern/vfs_subr.c 7 May 2018 15:24:05 -0000 1.270
+++ kern/vfs_subr.c 7 May 2018 17:11:00 -0000
@@ -1590,13 +1590,13 @@ struct rwlock vfs_stall_lock = RWLOCK_IN
int
vfs_stall(struct proc *p, int stall)
{
- struct mount *mp, *nmp;
+ struct mount *mp;
int allerror = 0, error;
if (stall)
rw_enter_write(&vfs_stall_lock);
- TAILQ_FOREACH_REVERSE_SAFE(mp, &mountlist, mntlist, mnt_list, nmp) {
+ TAILQ_FOREACH_REVERSE(mp, &mountlist, mntlist, mnt_list) {
if (stall) {
error = vfs_busy(mp, VB_WRITE|VB_WAIT);
if (error) {
