diff options
| author |   beck <beck@openbsd.org> | 2009-12-15 16:20:07 +0000 |
|---|---|---|
| committer | beck <beck@openbsd.org> | 2009-12-15 16:20:07 +0000 |
| commit | eca38f4b13ec76ea4999d82e6e00cf4947a873d0 (patch) | |
| tree | 8fb3739ebdefcf9e198b7f609f5f90bc99062179 | |
| parent | Make sillyrename not so damn silly. The kindergarten algorithm here for (diff) | |
| download | wireguard-openbsd-eca38f4b13ec76ea4999d82e6e00cf4947a873d0.tar.xz wireguard-openbsd-eca38f4b13ec76ea4999d82e6e00cf4947a873d0.zip | |
This fixes a case where we could panic on a null deref with a bad vnode
in nfs_inactive, on a reboot.
The core of the problem was in nfs_nget, when we lose the race to put a new
nfsnode in the tree, we have previously allocated a vnode, which getnewvnode
has done an insmntque into the nfs mp's mntlist. The problem being we then
try again with a new vnode, abandoning this one on the mntlist, leaving
junk there for us to die on when we unmount.
analysis and bogus fix by art@, correct fix by me. much painful testing by
krw@
ok oga@, art@
| -rw-r--r-- | sys/nfs/nfs_node.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/nfs/nfs_node.c b/sys/nfs/nfs_node.c index 2fcfcf3c7ed..f19f516e00a 100644 --- a/sys/nfs/nfs_node.c +++ b/sys/nfs/nfs_node.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nfs_node.c,v 1.48 2009/08/14 17:52:18 thib Exp $ */ +/* $OpenBSD: nfs_node.c,v 1.49 2009/12/15 16:20:07 beck Exp $ */ /* $NetBSD: nfs_node.c,v 1.16 1996/02/18 11:53:42 fvdl Exp $ */ /* @@ -124,6 +124,7 @@ loop: np = RB_FIND(nfs_nodetree, &nmp->nm_ntree, &find); if (np != NULL) { + vgone(nvp); /*remove from mnt queue - don't leak vnodes*/ rw_exit_write(&nfs_hashlock); goto loop; } |