hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-22 11:14:18 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

tmpfs_destroy_vobject(): clear v_object under the object lock

Browse Source 
Which allows tmpfs_pager_writecount_recalc() to reliably detect
reclaimed vnode and make its accesses to object->un_pager.swp.private
(== vp) safe against reclaim.  Note that vnode instantiation already
assigns v_object under the object lock.

Reviewed by:	markj
Reported and tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D45119
This commit is contained in:
Konstantin Belousov 2024-05-12 04:26:32 +03:00
parent 6ada4e8a0a
commit 4681194979
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/fs/tmpfs/tmpfs_subr.c
View File

@ -120,7 +120,7 @@ tmpfs_pager_writecount_recalc(vm_object_t object, vm_offset_t old,
/*
* Forced unmount?
*/
if (vp == NULL) {
if (vp == NULL || vp->v_object == NULL) {
KASSERT((object->flags & OBJ_TMPFS_VREF) == 0,
("object %p with OBJ_TMPFS_VREF but without vnode",
object));
@ -957,6 +957,8 @@ tmpfs_destroy_vobject(struct vnode *vp, vm_object_t obj)
VM_OBJECT_WLOCK(obj);
VI_LOCK(vp);
vp->v_object = NULL;
/*
* May be going through forced unmount.
*/