vfs: avoid exposing partially constructed vnodes

If multiple threads race calling vfs_hash_insert() while creating vnodes
with the same identity, all of the vnodes which lose the race must be
destroyed before any other thread can see them. Previously this was
accomplished by the vput() in vfs_hash_insert() resulting in the vnode's
VOP_INACTIVE() method calling vgone() before the vnode lock was unlocked,
but at some point changes to the the vnode refcount/inactive logic have caused
that to no longer work, leading to crashes, so instead vfs_hash_insert()
must call vgone() itself before calling vput() on vnodes which lose the race.

Reviewed by:	mjg, kib
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D26291
This commit is contained in:
Chuck Silvers 2020-09-05 00:26:03 +00:00
parent 67d224ef43
commit a0a36d4886

View File

@ -172,6 +172,7 @@ vfs_hash_insert(struct vnode *vp, u_int hash, int flags, struct thread *td,
rw_wlock(&vfs_hash_lock);
LIST_INSERT_HEAD(&vfs_hash_side, vp, v_hashlist);
rw_wunlock(&vfs_hash_lock);
vgone(vp);
vput(vp);
if (!error)
*vpp = vp2;