Date: Sat, 29 Nov 2008 13:34:59 +0000 (UTC)
From: Konstantin Belousov <kib@FreeBSD.org>
To: cvs-src-old@freebsd.org
Subject: cvs commit: src/sys/kern vfs_subr.c vfs_syscalls.c src/sys/nfsserver nfs_srvsubs.c src/sys/sys mount.h
Message-ID: <200811291336.mATDaxgY039513@repoman.freebsd.org>

kib         2008-11-29 13:34:59 UTC

  FreeBSD src repository

  Modified files:
    sys/kern             vfs_subr.c vfs_syscalls.c
    sys/nfsserver        nfs_srvsubs.c
    sys/sys              mount.h
  Log:
  SVN rev 185432 on 2008-11-29 13:34:59Z by kib

  In the nfsrv_fhtovp(), after the vfs_getvfs() function found the pointer
  to the fs, but before a vnode on the fs is locked, unmount may free fs
  structures, causing access to destroyed data and freed memory.

  Introduce a vfs_busymp() function that looks up and busies found
  fs while mountlist_mtx is held. Use it in nfsrv_fhtovp() and in the
  implementation of the handle syscalls.

  Two other uses of the vfs_getvfs() in the vfs_subr.c, namely in
  sysctl_vfs_ctl and vfs_getnewfsid seem to be ok. In particular,
  sysctl_vfs_ctl is protected by Giant by being a non-sleeping sysctl
  handler, that prevents Giant-locked unmount code from interfering with it.

  Noted by:     tegge
  Reviewed by:  dfr
  Tested by:    pho
  MFC after:    1 month

  Revision  Changes    Path
  1.749     +26 -0     src/sys/kern/vfs_subr.c
  1.466     +9 -9      src/sys/kern/vfs_syscalls.c
  1.162     +6 -3      src/sys/nfsserver/nfs_srvsubs.c
  1.239     +1 -0      src/sys/sys/mount.h
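The lookup-and-busy pattern described in the log message, as a userland model added here for illustration; it is not FreeBSD code and not part of this commit. The `mnt_*` names, the integer `fsid`, and unmount failing with EBUSY on a pinned entry are assumptions of the model, and `list_mtx` stands in for mountlist_mtx.

```c
/* Userland model; all names are hypothetical, not FreeBSD kernel code. */
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>
struct mnt {
    int fsid;          /* constructed id standing in for a filesystem id */
    int busy;          /* number of holders that pinned this entry */
    struct mnt *next;
};
static pthread_mutex_t list_mtx = PTHREAD_MUTEX_INITIALIZER; /* models mountlist_mtx */
static struct mnt *mnt_list;

int mnt_add(int fsid) {
    struct mnt *m = calloc(1, sizeof(*m));
    if (m == NULL) return ENOMEM;
    m->fsid = fsid;
    pthread_mutex_lock(&list_mtx);
    m->next = mnt_list;
    mnt_list = m;
    pthread_mutex_unlock(&list_mtx);
    return 0;
}

/* Find and pin in one critical section, so unmount cannot run in between. */
struct mnt *mnt_lookup_busy(int fsid) {
    struct mnt *m;
    pthread_mutex_lock(&list_mtx);
    for (m = mnt_list; m != NULL; m = m->next)
        if (m->fsid == fsid) { m->busy++; break; }
    pthread_mutex_unlock(&list_mtx);
    return m;
}
void mnt_unbusy(struct mnt *m) {
    pthread_mutex_lock(&list_mtx);
    m->busy--;
    pthread_mutex_unlock(&list_mtx);
}

/* Model simplification: a pinned entry makes unmount fail with EBUSY. */
int mnt_unmount(int fsid) {
    struct mnt **pp, *m;
    int error = ENOENT;
    pthread_mutex_lock(&list_mtx);
    for (pp = &mnt_list; (m = *pp) != NULL; pp = &m->next)
        if (m->fsid == fsid) break;
    if (m != NULL && m->busy > 0) error = EBUSY;
    else if (m != NULL) { *pp = m->next; free(m); error = 0; }
    pthread_mutex_unlock(&list_mtx);
    return error;
}
```

A lookup that returned `m` without the `busy++` would hand the caller a pointer that `mnt_unmount()` is free to release before the caller takes any other lock, which is the window the log message describes.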