[src/netbsd-7]: src/sys/fs/puffs Pull up following revision(s) (requested by ...

[msaitoh <msaitoh%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/d5639cc8c644
branches:  netbsd-7
changeset: 798511:d5639cc8c644
user:      msaitoh <msaitoh%NetBSD.org@localhost>
date:      Sun Nov 09 10:09:32 2014 +0000

description:
Pull up following revision(s) (requested by manu in ticket #194):
        sys/fs/puffs/puffs_vnops.c: revision 1.197
        sys/fs/puffs/puffs_node.c: revision 1.35
Fix PUFFS node use-after-reclaim
When puffs_cookie2vnode() misses an entry, vcache_get()
creates a new node (puffs_vfsop_loadvnode being called to
initialize the PUFFS part), then it discovers it is VNON,
and tries to vrele() it. vrele() calls VOP_INACTIVE(),
which led us in puffs_vnop_inactive() where we sent a
request to the filesystem for a node that already had been
reclaimed.
The fix is to check for VNON nodes in puffs_vnop_inactive()
and to return without doing anyting. This is suboptimal, but
a better workaround would probably need to modify vcache API,
with an impact on other filesystems. Let us keep it simple.

diffstat:

 sys/fs/puffs/puffs_node.c  |   5 +++--
 sys/fs/puffs/puffs_vnops.c |  16 ++++++++++++++--
 2 files changed, 17 insertions(+), 4 deletions(-)

diffs (63 lines):

diff -r 004642542ae1 -r d5639cc8c644 sys/fs/puffs/puffs_node.c
--- a/sys/fs/puffs/puffs_node.c Sun Nov 09 10:07:31 2014 +0000
+++ b/sys/fs/puffs/puffs_node.c Sun Nov 09 10:09:32 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: puffs_node.c,v 1.31.4.3 2014/09/30 18:14:22 martin Exp $       */
+/*     $NetBSD: puffs_node.c,v 1.31.4.4 2014/11/09 10:09:32 msaitoh Exp $      */
 
 /*
  * Copyright (c) 2005, 2006, 2007  Antti Kantee.  All Rights Reserved.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: puffs_node.c,v 1.31.4.3 2014/09/30 18:14:22 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: puffs_node.c,v 1.31.4.4 2014/11/09 10:09:32 msaitoh Exp $");
 
 #include <sys/param.h>
 #include <sys/hash.h>
@@ -266,6 +266,7 @@
        mutex_enter((*vpp)->v_interlock);
        if ((*vpp)->v_type == VNON) {
                mutex_exit((*vpp)->v_interlock);
+               /* XXX vrele() calls VOP_INACTIVE() with VNON node */
                vrele(*vpp);
                *vpp = NULL;
                return PUFFS_NOSUCHCOOKIE;
diff -r 004642542ae1 -r d5639cc8c644 sys/fs/puffs/puffs_vnops.c
--- a/sys/fs/puffs/puffs_vnops.c        Sun Nov 09 10:07:31 2014 +0000
+++ b/sys/fs/puffs/puffs_vnops.c        Sun Nov 09 10:09:32 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: puffs_vnops.c,v 1.182.2.10 2014/11/09 10:07:31 msaitoh Exp $   */
+/*     $NetBSD: puffs_vnops.c,v 1.182.2.11 2014/11/09 10:09:32 msaitoh Exp $   */
 
 /*
  * Copyright (c) 2005, 2006, 2007  Antti Kantee.  All Rights Reserved.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: puffs_vnops.c,v 1.182.2.10 2014/11/09 10:07:31 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: puffs_vnops.c,v 1.182.2.11 2014/11/09 10:09:32 msaitoh Exp $");
 
 #include <sys/param.h>
 #include <sys/buf.h>
@@ -1336,6 +1336,18 @@
        struct puffs_node *pnode;
        bool recycle = false;
 
+       /*
+        * When puffs_cookie2vnode() misses an entry, vcache_get()
+        * creates a new node (puffs_vfsop_loadvnode being called to
+        * initialize the PUFFS part), then it discovers it is VNON,
+        * and tries to vrele() it. This leads us there, while the 
+        * cookie was stall and the node likely already reclaimed. 
+        */
+       if (vp->v_type == VNON) {
+               VOP_UNLOCK(vp);
+               return 0;
+       }
+
        pnode = vp->v_data;
        mutex_enter(&pnode->pn_sizemtx);