freebsd-nq/sys/cddl
Konstantin Belousov f82360acf2 Existing VOP_VPTOCNP() interface has a fatal flow that is critical for
nullfs.  The problem is that resulting vnode is only required to be
held on return from the successfull call to vop, instead of being
referenced.

Nullfs VOP_INACTIVE() method reclaims the vnode, which in combination
with the VOP_VPTOCNP() interface means that the directory vnode
returned from VOP_VPTOCNP() is reclaimed in advance, causing
vn_fullpath() to error with EBADF or like.

Change the interface for VOP_VPTOCNP(), now the dvp must be
referenced. Convert all in-tree implementations of VOP_VPTOCNP(),
which is trivial, because vhold(9) and vref(9) are similar in the
locking prerequisites. Out-of-tree fs implementation of VOP_VPTOCNP(),
if any, should have no trouble with the fix.

Tested by:	pho
Reviewed by:	mckusick
MFC after:	3 weeks (subject of re approval)
2011-11-19 07:50:49 +00:00
..
boot/zfs - Correctly read gang header from raidz. 2011-10-20 15:42:38 +00:00
compat/opensolaris Second-to-last commit implementing Capsicum capabilities in the FreeBSD 2011-08-11 12:30:23 +00:00
contrib/opensolaris Existing VOP_VPTOCNP() interface has a fatal flow that is critical for 2011-11-19 07:50:49 +00:00
dev Correct the types of the arguments to return probes of the syscall 2011-11-11 03:49:42 +00:00