freebsd-nq/sys/fs/deadfs
Konstantin Belousov df3cbc41fa The deadfs VOPs for vop_ioctl and vop_bmap call itself recursively,
which is an elaborate way to cause kernel panic. Change the VOPs
implementation to return EBADF for a reclaimed vnode.

While the calls to vop_bmap should not reach deadfs, it is indeed
possible for vop_ioctl, because the VOP locking protocol is to pass
the vnode to VOP unlocked. The actual panic was observed when ioctl
was called on procfs filedescriptor which pointed to an exited
process.

Reported by:	zont
Tested by:	pho
MFC after:	1 week
2012-09-13 13:05:45 +00:00
..
dead_vnops.c The deadfs VOPs for vop_ioctl and vop_bmap call itself recursively, 2012-09-13 13:05:45 +00:00