From fa3c3c05d21c3653fd6673e763f0cbdb49c161a9 Mon Sep 17 00:00:00 2001
From: avg
Date: Thu, 14 Sep 2017 08:47:06 +0000
Subject: [PATCH] dounmount: do not release the mount point's reference on the covered vnode

As long as mnt_ref is not zero there can be a consumer that might try to access mnt_vnodecovered. For this reason the covered vnode must not be freed until mnt_ref goes to zero. So, move the release of the covered vnode to vfs_mount_destroy.
Reviewed by: kib
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D12329
---
 sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c | 1 +
 sys/kern/vfs_mount.c | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c b/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
index d33b034a4d61..894675ac91a5 100644
--- a/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
+++ b/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
@@ -209,6 +209,7 @@ mount_snapshot(kthread_t *td, vnode_t **vpp, const char *fstype, char *fspath,
 vput(vp);
 vfs_unbusy(mp);
 vfs_freeopts(mp->mnt_optnew);
+ mp->mnt_vnodecovered = NULL;
 vfs_mount_destroy(mp);
 return (error);
 }
diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c
index 117ad95438d2..43085fd0b658 100644
--- a/sys/kern/vfs_mount.c
+++ b/sys/kern/vfs_mount.c
@@ -507,6 +507,8 @@ vfs_mount_destroy(struct mount *mp)
 KASSERT(mp->mnt_ref == 0, ("%s: invalid refcount in the drain path @ %s:%d", __func__, __FILE__, __LINE__));
+ if (mp->mnt_vnodecovered != NULL)
+ vrele(mp->mnt_vnodecovered);
 if (mp->mnt_writeopcount != 0)
 panic("vfs_mount_destroy: nonzero writeopcount");
 if (mp->mnt_secondary_writes != 0)
@@ -819,6 +821,7 @@ vfs_domount_first(
 error = VFS_MOUNT(mp);
 if (error != 0) {
 vfs_unbusy(mp);
+ mp->mnt_vnodecovered = NULL;
 vfs_mount_destroy(mp);
 VI_LOCK(vp);
 vp->v_iflag &= ~VI_MOUNT;
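Review bot: The added `mp->mnt_vnodecovered = NULL;` in mount_snapshot() has no comment, so nothing at the call site says why it must come before vfs_mount_destroy(); the same bare assignment is added in the vfs_domount_first() hunk. After this commit vfs_mount_destroy() calls vrele() on a non-NULL mnt_vnodecovered, and here `vput(vp)` at the top of the hunk has already dropped a reference on what is presumably the same vnode (the hunk does not show the assignment), so removing the line later would release it twice. I would put `/* vp was released above; keep vfs_mount_destroy() from vrele()ing it again. */` above the assignment, with an equivalent comment in vfs_domount_first(), where the release of vp is not visible in the hunk. Both functions start outside their hunks.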
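Review bot: The new `vrele(mp->mnt_vnodecovered)` in vfs_mount_destroy() makes the function consume a vnode reference whenever the field is non-NULL, and that ownership rule is written down nowhere in the code. Any caller not touched by this patch that reaches vfs_mount_destroy() with mnt_vnodecovered still set after dropping its own reference would now over-release the vnode, which is a use-after-free risk; those callers are outside this diff and should be audited before merging. I would document the contract above the check, for example `/* The mount owns a reference on the covered vnode until mnt_ref drains; callers that already released it must clear mnt_vnodecovered first. */`. The function body starts before and continues past the hunk.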
@@ -1426,7 +1429,7 @@ dounmount(struct mount *mp, int flags, struct thread *td)
 EVENTHANDLER_INVOKE(vfs_unmounted, mp, td);
 if (coveredvp != NULL) {
 coveredvp->v_mountedhere = NULL;
- vput(coveredvp);
+ VOP_UNLOCK(coveredvp, 0);
 }
 vfs_event_signal(NULL, VQ_UNMOUNT, 0);
 if (mp == rootdevmp)
-- 
2.41.0
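Review bot: The new `VOP_UNLOCK(coveredvp, 0);` in dounmount() drops only the lock, and nothing at the site says where the reference that vput() used to release now goes. Someone pairing locks and references could read this as a leak and restore vput(), which would bring back the early free this commit removes. A one-line comment such as `/* Keep the reference; vfs_mount_destroy() releases it once mnt_ref drains. */` above the call would record the intent. dounmount() starts and ends outside the hunk, so the later vfs_mount_destroy() call is inferred from the commit message rather than visible here.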