Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 21 Dec 2017 13:30:56 +0000 (UTC)
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r327059 - stable/11/sys/fs/devfs
Message-ID:  <201712211330.vBLDUu7m049423@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: kib
Date: Thu Dec 21 13:30:56 2017
New Revision: 327059
URL: https://svnweb.freebsd.org/changeset/base/327059

Log:
  MFC r326851:
  In devfs_lookupx() dotdot lookup case, avoid dereferencing
  dvp->v_mount after dvp is unlocked.

Modified:
  stable/11/sys/fs/devfs/devfs_vnops.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/fs/devfs/devfs_vnops.c
==============================================================================
--- stable/11/sys/fs/devfs/devfs_vnops.c	Thu Dec 21 12:21:35 2017	(r327058)
+++ stable/11/sys/fs/devfs/devfs_vnops.c	Thu Dec 21 13:30:56 2017	(r327059)
@@ -880,6 +880,7 @@ devfs_lookupx(struct vop_lookup_args *ap, int *dm_unlo
 	struct devfs_dirent *de, *dd;
 	struct devfs_dirent **dde;
 	struct devfs_mount *dmp;
+	struct mount *mp;
 	struct cdev *cdev;
 	int error, flags, nameiop, dvplocked;
 	char specname[SPECNAMELEN + 1], *pname;
@@ -891,7 +892,8 @@ devfs_lookupx(struct vop_lookup_args *ap, int *dm_unlo
 	td = cnp->cn_thread;
 	flags = cnp->cn_flags;
 	nameiop = cnp->cn_nameiop;
-	dmp = VFSTODEVFS(dvp->v_mount);
+	mp = dvp->v_mount;
+	dmp = VFSTODEVFS(mp);
 	dd = dvp->v_data;
 	*vpp = NULLVP;
 
@@ -924,8 +926,8 @@ devfs_lookupx(struct vop_lookup_args *ap, int *dm_unlo
 			return (ENOENT);
 		dvplocked = VOP_ISLOCKED(dvp);
 		VOP_UNLOCK(dvp, 0);
-		error = devfs_allocv(de, dvp->v_mount,
-		    cnp->cn_lkflags & LK_TYPE_MASK, vpp);
+		error = devfs_allocv(de, mp, cnp->cn_lkflags & LK_TYPE_MASK,
+		    vpp);
 		*dm_unlock = 0;
 		vn_lock(dvp, dvplocked | LK_RETRY);
 		return (error);
@@ -1010,8 +1012,7 @@ devfs_lookupx(struct vop_lookup_args *ap, int *dm_unlo
 			return (0);
 		}
 	}
-	error = devfs_allocv(de, dvp->v_mount, cnp->cn_lkflags & LK_TYPE_MASK,
-	    vpp);
+	error = devfs_allocv(de, mp, cnp->cn_lkflags & LK_TYPE_MASK, vpp);
 	*dm_unlock = 0;
 	return (error);
 }

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201712211330.vBLDUu7m049423>