Store a reference to the vnode associated with a file descriptor in the

linux_file structure and use it instead of directly accessing td_fpop when destroying the linux_file structure. The td_fpop pointer is not valid when a cdevpriv destructor is run, and the type-specific close method has already been called, so f_vnode may not be valid (and the vnode might have been recycled without our own reference). Tested by: Julian Stecklina <jsteckli@os.inf.tu-dresden.de> MFC after: 1 week
2013-06-11 15:37:07 +00:00 · 2013-06-11 15:37:07 +00:00 · b2737f9e63
commit b2737f9e63
parent c145d6005f
2 changed files with 5 additions and 1 deletions
--- a/sys/ofed/include/linux/fs.h
+++ b/sys/ofed/include/linux/fs.h
@ -73,6 +73,7 @@ struct linux_file {
 	struct dentry	f_dentry_store;
 	struct selinfo	f_selinfo;
 	struct sigio	*f_sigio;
+	struct vnode	*f_vnode;
 };

 #define	file		linux_file
--- a/sys/ofed/include/linux/linux_compat.c
+++ b/sys/ofed/include/linux/linux_compat.c
@ -212,7 +212,8 @@ linux_file_dtor(void *cdp)
 	struct linux_file *filp;

 	filp = cdp;
-	filp->f_op->release(curthread->td_fpop->f_vnode, filp);
+	filp->f_op->release(filp->f_vnode, filp);
+	vdrop(filp->f_vnode);
 	kfree(filp);
 }

@ -232,6 +233,8 @@ linux_dev_open(struct cdev *dev, int oflags, int devtype, struct thread *td)
 	filp->f_dentry = &filp->f_dentry_store;
 	filp->f_op = ldev->ops;
 	filp->f_flags = file->f_flag;
+	vhold(file->f_vnode);
+	filp->f_vnode = file->f_vnode;
 	if (filp->f_op->open) {
 		error = -filp->f_op->open(file->f_vnode, filp);
 		if (error) {