Index: sys/kern/vfs_default.c =================================================================== --- sys/kern/vfs_default.c +++ sys/kern/vfs_default.c @@ -665,7 +665,6 @@ } */ *ap; { struct mount *mp; - struct mount_pcpu *mpcpu; struct vnode *vp; /* @@ -678,29 +677,7 @@ * with releasing it. */ vp = ap->a_vp; - mp = vp->v_mount; - if (mp == NULL) { - *(ap->a_mpp) = NULL; - return (0); - } - if (vfs_op_thread_enter(mp, mpcpu)) { - if (mp == vp->v_mount) { - vfs_mp_count_add_pcpu(mpcpu, ref, 1); - vfs_op_thread_exit(mp, mpcpu); - } else { - vfs_op_thread_exit(mp, mpcpu); - mp = NULL; - } - } else { - MNT_ILOCK(mp); - if (mp == vp->v_mount) { - MNT_REF(mp); - MNT_IUNLOCK(mp); - } else { - MNT_IUNLOCK(mp); - mp = NULL; - } - } + mp = vfs_ref_from_vp(vp); *(ap->a_mpp) = mp; return (0); } Index: sys/kern/vfs_mount.c =================================================================== --- sys/kern/vfs_mount.c +++ sys/kern/vfs_mount.c @@ -449,6 +449,44 @@ * Various utility functions */ +/* + * Get a reference on a mount point from a vnode. + * + * The vnode is allowed to be passed unlocked and race against dooming. Note in + * such case there are no guarantees the referenced mount point will still be + * associated with it after the function returns. + */ +struct mount * +vfs_ref_from_vp(struct vnode *vp) +{ + struct mount *mp; + struct mount_pcpu *mpcpu; + + mp = atomic_load_ptr(&vp->v_mount); + if (__predict_false(mp == NULL)) { + return (mp); + } + if (vfs_op_thread_enter(mp, mpcpu)) { + if (__predict_true(mp == vp->v_mount)) { + vfs_mp_count_add_pcpu(mpcpu, ref, 1); + vfs_op_thread_exit(mp, mpcpu); + } else { + vfs_op_thread_exit(mp, mpcpu); + mp = NULL; + } + } else { + MNT_ILOCK(mp); + if (mp == vp->v_mount) { + MNT_REF(mp); + MNT_IUNLOCK(mp); + } else { + MNT_IUNLOCK(mp); + mp = NULL; + } + } + return (mp); +} + void vfs_ref(struct mount *mp) { Index: sys/kern/vfs_syscalls.c =================================================================== --- sys/kern/vfs_syscalls.c +++ sys/kern/vfs_syscalls.c @@ -333,15 +333,13 @@ struct nameidata nd; int error; - NDINIT(&nd, LOOKUP, FOLLOW | LOCKSHARED | LOCKLEAF | AUDITVNODE1, - pathseg, path, td); + NDINIT(&nd, LOOKUP, FOLLOW | AUDITVNODE1, pathseg, path, td); error = namei(&nd); if (error != 0) return (error); - mp = nd.ni_vp->v_mount; - vfs_ref(mp); + mp = vfs_ref_from_vp(nd.ni_vp); NDFREE_NOTHING(&nd); - vput(nd.ni_vp); + vrele(nd.ni_vp); return (kern_do_statfs(td, mp, buf)); } @@ -381,14 +379,14 @@ if (error != 0) return (error); vp = fp->f_vnode; - vn_lock(vp, LK_SHARED | LK_RETRY); #ifdef AUDIT - AUDIT_ARG_VNODE1(vp); + if (AUDITING_TD(td)) { + vn_lock(vp, LK_SHARED | LK_RETRY); + AUDIT_ARG_VNODE1(vp); + VOP_UNLOCK(vp); + } #endif - mp = vp->v_mount; - if (mp != NULL) - vfs_ref(mp); - VOP_UNLOCK(vp); + mp = vfs_ref_from_vp(vp); fdrop(fp, td); return (kern_do_statfs(td, mp, buf)); } Index: sys/sys/mount.h =================================================================== --- sys/sys/mount.h +++ sys/sys/mount.h @@ -997,6 +997,7 @@ void vfs_mountroot(void); /* mount our root filesystem */ void vfs_mountedfrom(struct mount *, const char *from); void vfs_notify_upper(struct vnode *, int); +struct mount *vfs_ref_from_vp(struct vnode *); void vfs_ref(struct mount *); void vfs_rel(struct mount *); struct mount *vfs_mount_alloc(struct vnode *, struct vfsconf *, const char *,