Subject: CVS commit: src/sys/fs/smbfs
To: None <source-changes@NetBSD.org>
From: Julio M. Merino Vidal <jmmv@netbsd.org>
List: source-changes
Date: 11/02/2006 17:34:21
Module Name:	src
Committed By:	jmmv
Date:		Thu Nov  2 17:34:21 UTC 2006

Modified Files:
	src/sys/fs/smbfs: smbfs.h smbfs_io.c smbfs_node.c smbfs_node.h
	    smbfs_smb.c smbfs_subr.c smbfs_vfsops.c smbfs_vnops.c

Log Message:
Bring in fix from FreeBSD by tjr, 3 years and 9 months ago: Store a
reference to the parent directory's vnode instead of its smbnode to
avoid a use-after-free bug causing a panic when a smbfs mount is
forcefully unmounted.

Keep trying to flush the vnode list for the mount while some are still
busy and we are making progress towards making them not busy.  This
stops attempts to unmount idle smbfs mounts failing with EBUSY.

The easiest way to reproduce the above problem, from what I have seen, is:
1) Assume /s is a smbfs mount point.
2) mount /s
3) stat /s/foo/1
4) umount /s
   Returns error because the file system is busy.
5) Shut down the machine: panic in smbfs_reclaim because vrele
   accesses already-released memory.


To generate a diff of this commit:
cvs rdiff -r1.14 -r1.15 src/sys/fs/smbfs/smbfs.h
cvs rdiff -r1.23 -r1.24 src/sys/fs/smbfs/smbfs_io.c
cvs rdiff -r1.29 -r1.30 src/sys/fs/smbfs/smbfs_node.c
cvs rdiff -r1.11 -r1.12 src/sys/fs/smbfs/smbfs_node.h \
    src/sys/fs/smbfs/smbfs_subr.c
cvs rdiff -r1.32 -r1.33 src/sys/fs/smbfs/smbfs_smb.c
cvs rdiff -r1.58 -r1.59 src/sys/fs/smbfs/smbfs_vfsops.c
cvs rdiff -r1.54 -r1.55 src/sys/fs/smbfs/smbfs_vnops.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
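
The interaction between the two changes in the log message, as an added userland model (not the NetBSD or FreeBSD source): once each node holds a counted reference on its parent directory, a single flush pass finds the parents busy, so the unmount retries while a pass still released something. All names here (`struct node`, `didrele`, `flush_once`, `unmount_model`, `EBUSY_MODEL`) and the parent-first traversal order are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#define EBUSY_MODEL 16     /* stand-in for the kernel's EBUSY */
struct node {              /* userland stand-in for a vnode */
    int usecount;          /* references held on this node */
    int reclaimed;         /* set once a flush pass has reclaimed it */
    struct node *parent;   /* counted reference to the parent directory */
};
static int didrele;        /* a reclaim released a parent reference */

/* Build /s -> foo -> 1, the state left behind by "stat /s/foo/1". */
static void build(struct node v[3]) {
    for (int i = 0; i < 3; i++) v[i] = (struct node){0, 0, NULL};
    v[1].parent = &v[0]; v[0].usecount++;   /* foo holds a reference on /s */
    v[2].parent = &v[1]; v[1].usecount++;   /* 1 holds a reference on foo */
}

/* One flush pass: reclaim idle nodes, report busy if any are referenced. */
static int flush_once(struct node *v, int n) {
    int busy = 0;
    for (int i = 0; i < n; i++) {
        if (v[i].reclaimed) continue;
        if (v[i].usecount > 0) { busy = 1; continue; }
        v[i].reclaimed = 1;
        if (v[i].parent != NULL) {          /* drop the parent reference */
            v[i].parent->usecount--;
            v[i].parent = NULL;
            didrele = 1;
        }
    }
    return busy ? EBUSY_MODEL : 0;
}

/* Retry while nodes are busy and the last pass released something. */
static int unmount_model(struct node *v, int n, int retry, int *passes) {
    int error;
    *passes = 0;
    do {
        didrele = 0;
        error = flush_once(v, n);
        (*passes)++;
    } while (retry && error == EBUSY_MODEL && didrele);
    return error;
}
int main(void) {
    struct node v[3]; int passes, error;
    build(v); error = unmount_model(v, 3, 1, &passes);
    printf("error=%d passes=%d\n", error, passes);
    return 0;
}
```

With `retry` set to 0 the idle tree fails with the busy error after one pass; a node that is referenced from outside the tree still ends the loop, because no pass makes progress.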