The cache_enter(9) function shall not be called for doomed dvp.

Assert this. In the reported panic, vdestroy() fired the assertion "vp has namecache for ..", because pseudofs may end up doing cache_enter() with reclaimed dvp, after dotdot lookup temporary unlocked dvp. Similar problem exists in ufs_lookup() for "." lookup, when vnode lock needs to be upgraded. Verify that dvp is not reclaimed before calling cache_enter(). Reported and tested by: pho Reviewed by: kan MFC after: 2 weeks
svn path=/head/; revision=206894
2010-04-20 10:19:27 +00:00 · 2010-04-20 10:19:27 +00:00 · 5673e3cb08 · 2020-12-20 02:59:44 +00:00
commit 5673e3cb08
parent 9d79ec20fb
3 changed files with 11 additions and 1 deletions
--- a/sys/fs/pseudofs/pseudofs_vnops.c
+++ b/sys/fs/pseudofs/pseudofs_vnops.c
@ -542,7 +542,7 @@ pfs_lookup(struct vop_cachedlookup_args *va)

 	if (cnp->cn_flags & ISDOTDOT)
 		vn_lock(vn, LK_EXCLUSIVE|LK_RETRY);
-	if (cnp->cn_flags & MAKEENTRY)
+	if (cnp->cn_flags & MAKEENTRY && !(vn->v_iflag & VI_DOOMED))
 		cache_enter(vn, *vpp, cnp);
 	PFS_RETURN (0);
 failed:
--- a/sys/kern/vfs_cache.c
+++ b/sys/kern/vfs_cache.c
@ -611,6 +611,8 @@ cache_enter(dvp, vp, cnp)
 	CTR3(KTR_VFS, "cache_enter(%p, %p, %s)", dvp, vp, cnp->cn_nameptr);
 	VNASSERT(vp == NULL || (vp->v_iflag & VI_DOOMED) == 0, vp,
 	    ("cache_enter: Adding a doomed vnode"));
+	VNASSERT(dvp == NULL || (dvp->v_iflag & VI_DOOMED) == 0, dvp,
+	    ("cache_enter: Doomed vnode used as src"));

 	if (!doingcache)
 		return;
--- a/sys/ufs/ufs/ufs_lookup.c
+++ b/sys/ufs/ufs/ufs_lookup.c
@ -704,6 +704,14 @@ ufs_lookup_(struct vnode *vdp, struct vnode **vpp, struct componentname *cnp,
 				vn_lock(vdp, LK_UPGRADE | LK_RETRY);
 			else /* if (ltype == LK_SHARED) */
 				vn_lock(vdp, LK_DOWNGRADE | LK_RETRY);
+			/*
+			 * Relock for the "." case may left us with
+			 * reclaimed vnode.
+			 */
+			if (vdp->v_iflag & VI_DOOMED) {
+				vrele(vdp);
+				return (ENOENT);
+			}
 		}
 		*vpp = vdp;
 	} else {