From a0a36d488605c6fec2be34b9b1ed6412ba8592f7 Mon Sep 17 00:00:00 2001 From: Chuck Silvers Date: Sat, 5 Sep 2020 00:26:03 +0000 Subject: [PATCH] vfs: avoid exposing partially constructed vnodes If multiple threads race calling vfs_hash_insert() while creating vnodes with the same identity, all of the vnodes which lose the race must be destroyed before any other thread can see them. Previously this was accomplished by the vput() in vfs_hash_insert() resulting in the vnode's VOP_INACTIVE() method calling vgone() before the vnode lock was unlocked, but at some point changes to the the vnode refcount/inactive logic have caused that to no longer work, leading to crashes, so instead vfs_hash_insert() must call vgone() itself before calling vput() on vnodes which lose the race. Reviewed by: mjg, kib Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D26291 --- sys/kern/vfs_hash.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/kern/vfs_hash.c b/sys/kern/vfs_hash.c index 652806b7b4dbde..e10e9b57e31658 100644 --- a/sys/kern/vfs_hash.c +++ b/sys/kern/vfs_hash.c @@ -172,6 +172,7 @@ vfs_hash_insert(struct vnode *vp, u_int hash, int flags, struct thread *td, rw_wlock(&vfs_hash_lock); LIST_INSERT_HEAD(&vfs_hash_side, vp, v_hashlist); rw_wunlock(&vfs_hash_lock); + vgone(vp); vput(vp); if (!error) *vpp = vp2;