ffs: clear MNT_SOFTDEP earlier when remounting rw to ro

Description

Suppose that we remount rw->ro and in parallel some reader tries to
instantiate a vnode, e.g. during lookup. Suppose that softdep_unmount()
already started, but we did not clear the MNT_SOFTDEP flag yet.
Then ffs_vgetf() calls into softdep_load_inodeblock(), which accesses
destroyed hashes and freed memory.

Set/clear fs_ronly simultaneously (WRT files flush) with MNT_SOFTDEP.
It might be reasonable to move the change of fs_ronly to under MNT_ILOCK,
but no readers take it.

Reported and tested by: pho
Reviewed by: mckusick
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D29178
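
The ordering problem described in the commit message, reduced to a userspace model (an added example, not code from the FreeBSD change). `mount_model`, `reader`, `apply` and `count_stale_reads` are hypothetical names, and the reader's flag check and use are treated as one atomic step.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical userspace model; these names are illustrative, not FreeBSD's. */
enum step { CLEAR_FLAG, DESTROY_STATE };
enum outcome { READ_OK, READ_SKIPPED, READ_STALE };

struct mount_model {
    bool softdep_flag;  /* stands in for MNT_SOFTDEP */
    bool hashes_valid;  /* stands in for the softdep hashes */
};

/* Reader: consults only the flag before touching the softdep state. */
static enum outcome reader(const struct mount_model *m)
{
    if (!m->softdep_flag)
        return READ_SKIPPED;
    return m->hashes_valid ? READ_OK : READ_STALE;
}

static void apply(struct mount_model *m, enum step s)
{
    if (s == CLEAR_FLAG) m->softdep_flag = false;
    else                 m->hashes_valid = false;
}

/* Run the reader before, between and after the two teardown steps. */
int count_stale_reads(bool flag_first)
{
    const enum step order[2] = {
        flag_first ? CLEAR_FLAG : DESTROY_STATE,
        flag_first ? DESTROY_STATE : CLEAR_FLAG,
    };
    int stale = 0;
    for (int point = 0; point <= 2; point++) {
        struct mount_model m = { true, true };
        for (int i = 0; i < point; i++)
            apply(&m, order[i]);
        if (reader(&m) == READ_STALE)
            stale++;    /* flag still set, state already destroyed */
    }
    return stale;
}

int main(void)
{
    printf("destroy first: %d stale, flag first: %d stale\n",
        count_stale_reads(false), count_stale_reads(true));
    return 0;
}
```

With teardown first, the reader reaches destroyed state at the point between the two steps; with the flag cleared first it skips the softdep path at every point after the first step.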

Details

Provenance
kib authored on Feb 28 2021, 6:55 PM
Reviewer
mckusick
Differential Revision
D29178: UFS SU: handle races on remounts rw<->ro
Parents
rG7f682bdcabda: Rework MOUNTED/DOING SOFTDEP/SUJ macros