From: Don Lewis
Date: Wed, 19 Oct 2005 20:29:08 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/ufs/ufs ufs_lookup.c
Message-Id: <200510192029.j9JKT886017099@repoman.freebsd.org>
X-FreeBSD-CVS-Branch: RELENG_6

truckman    2005-10-19 20:29:08 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_6)
    sys/ufs/ufs          ufs_lookup.c
  Log:
  MFC ufs_lookup.c 1.78 and 1.79.  Original commit messages:

  Modified files:
    sys/ufs/ufs          ufs_lookup.c
  Log:
  Close a race in the ufs_lookup() code that handles the ISDOTDOT case
  by saving the value of dp->i_ino before unlocking the vnode for the
  current directory and passing the saved value to VFS_VGET().

  Without this change, another thread can overwrite dp->i_ino after the
  current directory is unlocked, causing ufs_lookup() to lock and return
  the wrong vnode in place of the vnode for its parent directory.  A
  deadlock can occur if dp->i_ino was changed to a subdirectory of the
  current directory because the root to leaf vnode lock ordering will be
  violated.  A vnode lock can be leaked if dp->i_ino was changed to point
  to the current directory, which causes the current vnode lock for the
  current directory to be recursed, which confuses lookup() into calling
  vrele() when it should be calling vput().

  The probability of this bug being triggered seems to be quite low
  unless the sysctl variable debug.vfscache is set to 0.

  Reviewed by:    jhb
  MFC after:      2 weeks

  Revision  Changes    Path
  1.78      +3 -1      src/sys/ufs/ufs/ufs_lookup.c

  Modified files:
    sys/ufs/ufs          ufs_lookup.c
  Log:
  Correct the type of the temporary variable used by ufs_lookup.c:1.78
  to fix the race condition in the ufs_lookup() ISDOTDOT code.

  Noticed by:     bde
  MFC after:      12 days

  Revision  Changes    Path
  1.79      +1 -1      src/sys/ufs/ufs/ufs_lookup.c

  Approved by:    re (scottl)

  Revision  Changes    Path
  1.77.2.1  +3 -1      src/sys/ufs/ufs/ufs_lookup.c
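The race described in the commit log above, as an added example that is not part of the original message or the FreeBSD source: a single-threaded user-space model in which a callback stands in for the second thread, so the outcome is deterministic. The struct, function names, the uint32_t type and the inode numbers are constructed for illustration; only dp->i_ino is a name taken from the log.

```c
/* Constructed user-space model of the race in the commit log; not FreeBSD code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PARENT_INO 2u    /* constructed inode numbers */
#define SELF_INO   10u
#define SUBDIR_INO 11u

enum outcome { GOT_PARENT, GOT_SELF_LOCK_RECURSED, GOT_WRONG_VNODE };

struct dir_model {
    int      locked;  /* 1 while the directory lock is held */
    uint32_t self;    /* the directory's own inode number */
    uint32_t i_ino;   /* models dp->i_ino, the value handed to the vget step */
};

/* Stands in for a second thread that runs once the lock is dropped. */
typedef void (*interloper_fn)(struct dir_model *);
void lookup_subdir(struct dir_model *dp) { dp->i_ino = SUBDIR_INO; }
void lookup_dot(struct dir_model *dp)    { dp->i_ino = dp->self; }

static void unlock_dir(struct dir_model *dp, interloper_fn other)
{
    dp->locked = 0;
    if (other != NULL)
        other(dp);    /* the window in which dp->i_ino can be overwritten */
}

/* Reports which vnode the given inode number resolves to, then relocks. */
static enum outcome vget_model(struct dir_model *dp, uint32_t ino)
{
    enum outcome r = ino == PARENT_INO ? GOT_PARENT
                   : ino == dp->self   ? GOT_SELF_LOCK_RECURSED
                                       : GOT_WRONG_VNODE;
    dp->locked = 1;
    return r;
}

enum outcome dotdot_racy(struct dir_model *dp, interloper_fn other)
{
    unlock_dir(dp, other);
    return vget_model(dp, dp->i_ino);  /* field re-read after the unlock */
}

enum outcome dotdot_fixed(struct dir_model *dp, interloper_fn other)
{
    uint32_t saved_ino = dp->i_ino;    /* snapshot while the lock is still held */
    unlock_dir(dp, other);
    return vget_model(dp, saved_ino);
}

int main(void)
{
    struct dir_model a = { 1, SELF_INO, PARENT_INO }, b = a;
    printf("racy=%d fixed=%d\n", dotdot_racy(&a, lookup_subdir), dotdot_fixed(&b, lookup_subdir));
    return 0;
}
```

GOT_WRONG_VNODE corresponds to the lock-order violation case in the log and GOT_SELF_LOCK_RECURSED to the leaked-lock case; the fixed variant returns GOT_PARENT regardless of what the callback writes.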