Do not dereference vp->v_mount without holding vnode lock and checking

that the vnode is not reclaimed. Noted by: Igor Sysoev <is rambler-co ru> MFC after: 1 week
author: kib <kib@FreeBSD.org> 2009-10-01 12:50:26 +0000
committer: kib <kib@FreeBSD.org> 2009-10-01 12:50:26 +0000
commit: 6f65ac42775d5a36dd9aa0878ca09ef1e6de660e (patch)
tree: 71303ab0d3f246cf025b525116a19a06d8bd2584 /sys/kern/uipc_syscalls.c
parent: 75708a4b2132a457cb688745c30d7b6b445d5484 (diff)
download: FreeBSD-src-6f65ac42775d5a36dd9aa0878ca09ef1e6de660e.zip
FreeBSD-src-6f65ac42775d5a36dd9aa0878ca09ef1e6de660e.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index 34eaf20..475a2de 100644
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -2086,9 +2086,11 @@ retry_space:
 				/*
 				 * Get the page from backing store.
 				 */
-				bsize = vp->v_mount->mnt_stat.f_iosize;
 				vfslocked = VFS_LOCK_GIANT(vp->v_mount);
-				vn_lock(vp, LK_SHARED | LK_RETRY);
+				error = vn_lock(vp, LK_SHARED);
+				if (error != 0)
+					goto after_read;
+				bsize = vp->v_mount->mnt_stat.f_iosize;
 
 				/*
 				 * XXXMAC: Because we don't have fp->f_cred
@@ -2101,6 +2103,7 @@ retry_space:
 				    IO_VMIO | ((MAXBSIZE / bsize) << IO_SEQSHIFT),
 				    td->td_ucred, NOCRED, &resid, td);
 				VOP_UNLOCK(vp, 0);
+			after_read:
 				VFS_UNLOCK_GIANT(vfslocked);
 				VM_OBJECT_LOCK(obj);
 				vm_page_io_finish(pg);
author	kib <kib@FreeBSD.org>	2009-10-01 12:50:26 +0000
committer	kib <kib@FreeBSD.org>	2009-10-01 12:50:26 +0000
commit	6f65ac42775d5a36dd9aa0878ca09ef1e6de660e (patch)
tree	71303ab0d3f246cf025b525116a19a06d8bd2584 /sys/kern/uipc_syscalls.c
parent	75708a4b2132a457cb688745c30d7b6b445d5484 (diff)
download	FreeBSD-src-6f65ac42775d5a36dd9aa0878ca09ef1e6de660e.zip FreeBSD-src-6f65ac42775d5a36dd9aa0878ca09ef1e6de660e.tar.gz