Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 5 Oct 2017 06:54:25 +0000 (UTC)
From:      Andriy Gapon <avg@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r324293 - in stable/11/sys: cddl/compat/opensolaris/kern kern
Message-ID:  <201710050654.v956sPQL099690@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: avg
Date: Thu Oct  5 06:54:25 2017
New Revision: 324293
URL: https://svnweb.freebsd.org/changeset/base/324293

Log:
  MFC r323578,r323769: dounmount: do not release the mount point's reference
  on the covered vnode
  
  As long as mnt_ref is not zero there can be a consumer that might try
  to access mnt_vnodecovered.  For this reason the covered vnode must not
  be freed until mnt_ref goes to zero.
  So, move the release of the covered vnode to vfs_mount_destroy.

Modified:
  stable/11/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
  stable/11/sys/kern/vfs_mount.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
==============================================================================
--- stable/11/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c	Thu Oct  5 06:39:57 2017	(r324292)
+++ stable/11/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c	Thu Oct  5 06:54:25 2017	(r324293)
@@ -209,6 +209,7 @@ mount_snapshot(kthread_t *td, vnode_t **vpp, const cha
 		vput(vp);
 		vfs_unbusy(mp);
 		vfs_freeopts(mp->mnt_optnew);
+		mp->mnt_vnodecovered = NULL;
 		vfs_mount_destroy(mp);
 		return (error);
 	}

Modified: stable/11/sys/kern/vfs_mount.c
==============================================================================
--- stable/11/sys/kern/vfs_mount.c	Thu Oct  5 06:39:57 2017	(r324292)
+++ stable/11/sys/kern/vfs_mount.c	Thu Oct  5 06:54:25 2017	(r324293)
@@ -522,6 +522,8 @@ vfs_mount_destroy(struct mount *mp)
 	if (mp->mnt_lockref != 0)
 		panic("vfs_mount_destroy: nonzero lock refcount");
 	MNT_IUNLOCK(mp);
+	if (mp->mnt_vnodecovered != NULL)
+		vrele(mp->mnt_vnodecovered);
 #ifdef MAC
 	mac_mount_destroy(mp);
 #endif
@@ -819,6 +821,7 @@ vfs_domount_first(
 	error = VFS_MOUNT(mp);
 	if (error != 0) {
 		vfs_unbusy(mp);
+		mp->mnt_vnodecovered = NULL;
 		vfs_mount_destroy(mp);
 		VI_LOCK(vp);
 		vp->v_iflag &= ~VI_MOUNT;
@@ -1426,7 +1429,7 @@ dounmount(struct mount *mp, int flags, struct thread *
 	EVENTHANDLER_INVOKE(vfs_unmounted, mp, td);
 	if (coveredvp != NULL) {
 		coveredvp->v_mountedhere = NULL;
-		vput(coveredvp);
+		VOP_UNLOCK(coveredvp, 0);
 	}
 	vfs_event_signal(NULL, VQ_UNMOUNT, 0);
 	if (mp == rootdevmp)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201710050654.v956sPQL099690>