diff options
author | kib <kib@FreeBSD.org> | 2010-04-20 10:19:27 +0000 |
---|---|---|
committer | kib <kib@FreeBSD.org> | 2010-04-20 10:19:27 +0000 |
commit | d5b92466a9368c3ebeeb351f627452e66b5ec709 (patch) | |
tree | 7e49d1727e5b7479c5623dea52d412a43e45ab60 | |
parent | 0be03f320b674f387da392d9e4fece5b67a79ae1 (diff) | |
download | FreeBSD-src-d5b92466a9368c3ebeeb351f627452e66b5ec709.zip FreeBSD-src-d5b92466a9368c3ebeeb351f627452e66b5ec709.tar.gz |
The cache_enter(9) function shall not be called for doomed dvp.
Assert this.
In the reported panic, vdestroy() fired the assertion "vp has namecache
for ..", because pseudofs may end up doing cache_enter() with reclaimed
dvp, after dotdot lookup temporary unlocked dvp.
Similar problem exists in ufs_lookup() for "." lookup, when vnode
lock needs to be upgraded.
Verify that dvp is not reclaimed before calling cache_enter().
Reported and tested by: pho
Reviewed by: kan
MFC after: 2 weeks
-rw-r--r-- | sys/fs/pseudofs/pseudofs_vnops.c | 2 | ||||
-rw-r--r-- | sys/kern/vfs_cache.c | 2 | ||||
-rw-r--r-- | sys/ufs/ufs/ufs_lookup.c | 8 |
3 files changed, 11 insertions, 1 deletions
diff --git a/sys/fs/pseudofs/pseudofs_vnops.c b/sys/fs/pseudofs/pseudofs_vnops.c index 5854378..f8343a9 100644 --- a/sys/fs/pseudofs/pseudofs_vnops.c +++ b/sys/fs/pseudofs/pseudofs_vnops.c @@ -542,7 +542,7 @@ pfs_lookup(struct vop_cachedlookup_args *va) if (cnp->cn_flags & ISDOTDOT) vn_lock(vn, LK_EXCLUSIVE|LK_RETRY); - if (cnp->cn_flags & MAKEENTRY) + if (cnp->cn_flags & MAKEENTRY && !(vn->v_iflag & VI_DOOMED)) cache_enter(vn, *vpp, cnp); PFS_RETURN (0); failed: diff --git a/sys/kern/vfs_cache.c b/sys/kern/vfs_cache.c index 533ec97..a13a721 100644 --- a/sys/kern/vfs_cache.c +++ b/sys/kern/vfs_cache.c @@ -611,6 +611,8 @@ cache_enter(dvp, vp, cnp) CTR3(KTR_VFS, "cache_enter(%p, %p, %s)", dvp, vp, cnp->cn_nameptr); VNASSERT(vp == NULL || (vp->v_iflag & VI_DOOMED) == 0, vp, ("cache_enter: Adding a doomed vnode")); + VNASSERT(dvp == NULL || (dvp->v_iflag & VI_DOOMED) == 0, dvp, + ("cache_enter: Doomed vnode used as src")); if (!doingcache) return; diff --git a/sys/ufs/ufs/ufs_lookup.c b/sys/ufs/ufs/ufs_lookup.c index b0247e7..ab71cf6 100644 --- a/sys/ufs/ufs/ufs_lookup.c +++ b/sys/ufs/ufs/ufs_lookup.c @@ -704,6 +704,14 @@ found: vn_lock(vdp, LK_UPGRADE | LK_RETRY); else /* if (ltype == LK_SHARED) */ vn_lock(vdp, LK_DOWNGRADE | LK_RETRY); + /* + * Relock for the "." case may left us with + * reclaimed vnode. + */ + if (vdp->v_iflag & VI_DOOMED) { + vrele(vdp); + return (ENOENT); + } } *vpp = vdp; } else { |