Skip to content

Commit

Permalink
13827 mntfs, doors assuming final VOP_HOLD always belongs to a file_t…
Browse files Browse the repository at this point in the history
…, leaks ensue

Change-Id: I807e0023f6a4decf7d1809fd248d18d33585a467
  • Loading branch information
arekinath committed Dec 15, 2022
1 parent 9c514d2 commit 1570c86
Showing 1 changed file with 16 additions and 10 deletions.
26 changes: 16 additions & 10 deletions usr/src/uts/common/fs/mntfs/mntvnops.c
Original file line number Diff line number Diff line change
Expand Up @@ -845,15 +845,16 @@ mntopen(vnode_t **vpp, int flag, cred_t *cr, caller_context_t *ct)
*/
if (flag & FWRITE)
return (EPERM);

/*
* Create a new mnt/vnode for each open, this will give us a handle to
* hang the snapshot on.
*/
nmnp = mntgetnode(vp);

*vpp = MTOV(nmnp);
atomic_inc_32(&MTOD(nmnp)->mnt_nopen);
VN_RELE(vp);

return (0);
}

Expand All @@ -868,15 +869,12 @@ mntclose(vnode_t *vp, int flag, int count, offset_t offset, cred_t *cr,
cleanlocks(vp, ttoproc(curthread)->p_pid, 0);
cleanshares(vp, ttoproc(curthread)->p_pid);

if (count > 1)
return (0);
if (vp->v_count == 1) {
rw_enter(&mnp->mnt_contents, RW_WRITER);
mntfs_freesnap(mnp, &mnp->mnt_read);
mntfs_freesnap(mnp, &mnp->mnt_ioctl);
rw_exit(&mnp->mnt_contents);
atomic_dec_32(&MTOD(mnp)->mnt_nopen);
}
/*
* Snapshot cleanup and freeing the mntnode_t is done by mntinactive(),
* since there might still be a hold on the vnode after mntclose()
* (e.g. for an outstanding syscall in another thread).
*/

return (0);
}

Expand Down Expand Up @@ -1140,13 +1138,16 @@ mntgetnode(vnode_t *dp)
mnp->mnt_vnode = vn_alloc(KM_SLEEP);
mnp->mnt_mountvp = VTOM(dp)->mnt_mountvp;
rw_init(&mnp->mnt_contents, NULL, RW_DEFAULT, NULL);

vp = MTOV(mnp);
vp->v_flag = VNOCACHE|VNOMAP|VNOSWAP|VNOMOUNT;
vn_setops(vp, mntvnodeops);
vp->v_vfsp = dp->v_vfsp;
vp->v_type = VREG;
vp->v_data = (caddr_t)mnp;

atomic_inc_32(&MTOD(mnp)->mnt_nopen);

return (mnp);
}

Expand All @@ -1158,6 +1159,11 @@ mntfreenode(mntnode_t *mnp)
{
vnode_t *vp = MTOV(mnp);

atomic_dec_32(&MTOD(mnp)->mnt_nopen);

mntfs_freesnap(mnp, &mnp->mnt_read);
mntfs_freesnap(mnp, &mnp->mnt_ioctl);

rw_destroy(&mnp->mnt_contents);
vn_invalid(vp);
vn_free(vp);
Expand Down

0 comments on commit 1570c86

Please sign in to comment.