When devfs dirent is freed, a vnode might still keep a pointer to it,

apparently. Interlock and clear the pointer to avoid free memory dereference. Submitted by: bde (previous version) MFC after: 3 weeks
author: kib <kib@FreeBSD.org> 2016-01-22 20:30:51 +0000
committer: kib <kib@FreeBSD.org> 2016-01-22 20:30:51 +0000
commit: 8c188055779951abb5983c3fcac2d41096276b9b (patch)
tree: b3670b6b08df7c03db033a42681a7a992947c9a2 /sys/fs
parent: 7b7fe5c956115c1235bb2e5abd25e32861edb7d0 (diff)
download: FreeBSD-src-8c188055779951abb5983c3fcac2d41096276b9b.zip
FreeBSD-src-8c188055779951abb5983c3fcac2d41096276b9b.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/fs/devfs/devfs_devs.c b/sys/fs/devfs/devfs_devs.c
index 40023c1..2c11fa4 100644
--- a/sys/fs/devfs/devfs_devs.c
+++ b/sys/fs/devfs/devfs_devs.c
@@ -304,6 +304,13 @@ devfs_vmkdir(struct devfs_mount *dmp, char *name, int namelen, struct devfs_dire
 void
 devfs_dirent_free(struct devfs_dirent *de)
 {
+	struct vnode *vp;
+
+	vp = de->de_vnode;
+	mtx_lock(&devfs_de_interlock);
+	if (vp != NULL && vp->v_data == de)
+		vp->v_data = NULL;
+	mtx_unlock(&devfs_de_interlock);
 	free(de, M_DEVFS3);
 }
author	kib <kib@FreeBSD.org>	2016-01-22 20:30:51 +0000
committer	kib <kib@FreeBSD.org>	2016-01-22 20:30:51 +0000
commit	8c188055779951abb5983c3fcac2d41096276b9b (patch)
tree	b3670b6b08df7c03db033a42681a7a992947c9a2 /sys/fs
parent	7b7fe5c956115c1235bb2e5abd25e32861edb7d0 (diff)
download	FreeBSD-src-8c188055779951abb5983c3fcac2d41096276b9b.zip FreeBSD-src-8c188055779951abb5983c3fcac2d41096276b9b.tar.gz