being reclaimed by another thread. after recent changes in cache_lookup_raw,
there's a race between cache_lookup_raw/vtryget and getcleanvnode/vclean.
PR/41028.
Fix some of the races (but probably not all of them) in the NFS server code.
nfssvc_nfsd(): change a splsoftclock()/splx() to mutex_enter/exit(&nfsd_lock)
(I guess it was forgotten when the nfsd code was made SMP safe)
m_freem(nd_nam) in nfsrv_slpderef() instead of nfsrv_zapsock() to
avoid possible use after free in nfssvc_nfsd()
Fix nfsrv_slpderef() to not release nfsd_lock before testing SLP_VALID
and reacquiring it just after. This could cause a use after free
of the slp if one thread is in nfsrv_slpderef() and the other one grabs
slp from nfssvc_sockpending and zaps it.
nfsrv_rename() can exit without calling genfs_renamelock_exit() because
the nfsm_reply() can do return (0) on error.
Change nfsm_reply to use 'error = 0; goto nfsmout' instead.
Fix a few places so it's safe to goto nfsmout from nfsm_reply, or other
macros calling it.
As a side effect it could fix a missing vrele(dirp) in various places where
nfsm_reply could return(0).
There are still about 1600 left, but they have ',' or /* ... */
in the actual variable definitions - which my awk script doesn't handle.
There are also many that need () -> (void).
(The script does handle misordered arguments.)
than backing off to 256*SRTT. This is why it sometimes could take
hours for an NFS mount to come back when the server returned.
contributed anonymously.
into modules. By and large this commit:
- shuffles header files and ifdefs
- splits code out where necessary to be modular
- adds module glue for each of the components
- adds/replaces hooks for things that can be installed at runtime
- In getpages don't allocate if we are not locked
- Use kmem_alloc instead of malloc and don't sleep
Also provide a 64 entry stack array so we don't have to allocate in the
common case.
constructor instead of depending on link sets. Consequently, rename
nfs_nh{init,reinit,done} to nfs_node_{init,reinit,done}, respectively,
to better convey the function.
case) freed already within the rpc handler.
XXX: this line and another was originally committed with "don't
leak mbufs", but given that currently it can double-free an mbuf
and essentially crash the system, I'll opt for the leak. Needless
to say, this needs revisiting, but that requires a large scale
campaign due to the sticky nature of nfsm love.