git: kernel - Fix vmspace termination race (2)

Matthew Dillon dillon at
Thu Feb 9 18:53:14 PST 2017

commit a9d06cca8c6894668c0d26cfa6846fb58975a647
Author: Matthew Dillon <dillon at>
Date:   Thu Feb 9 16:51:44 2017 -0800

    kernel - Fix vmspace termination race (2)
    * Fix a race and fix dangling cached mount points.  At the point where
      dounmount() checks to see if there are any dangling cache refs left
      it has already dropped its own ref on the mp.  The test, however,
      was (refs > 1).  The test needs to be (refs > 0).
      This race was probably causing the corruption, and in fact its the
      smoking gun because the mp->mnt_refs field is at the same offset as
      the pmap->copyin field, and the pmap->copyin field was getting
      corrupted by being decremented by 1.
    * Fix a race where the unmount code was issuing tue dounmount() call
      without any ref or hold on the mp.  This race was unlikely (requires
      two unmounts of the same partition at the same time).

Summary of changes:
 sys/kern/vfs_mount.c    | 19 ++++++++++++++----
 sys/kern/vfs_syscalls.c | 52 ++++++++++++++++++++++++++++++++++++++++---------
 2 files changed, 58 insertions(+), 13 deletions(-)

DragonFly BSD source repository

More information about the Commits mailing list