ref: 761452154a7d15aa519bb799313c151c26440914
parent: d31382ca17d92fe7c0b3c45f418f605d1759ed55
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Fri Aug 30 15:54:26 EDT 2024
gefs: clunk dent and mnt when dropping rclose message When clunking a Fid while the file-system is read only, don't just free the Amsg, but also drop the references to dent and mnt. Make clunkfid() nil fid->rclose, so no reuse after free is possible. Make clunkfid() always set the return pointer, to avoid relying on prior initialization by the caller.
--- a/sys/src/cmd/gefs/fs.c
+++ b/sys/src/cmd/gefs/fs.c
@@ -800,9 +800,10 @@
free(f->scan);
f->scan = nil;
}
- if(f->rclose != nil){
- *ao = f->rclose;
+ if((*ao = f->rclose) != nil){
+ f->rclose = nil;
+
qlock(&f->dent->trunclk);
f->dent->trunc = 1;
qunlock(&f->dent->trunclk);
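Review bot: The ownership hand-off made by `if((*ao = f->rclose) != nil){` is not documented anywhere in the visible lines: once `f->rclose` is cleared, the Amsg and (per the commit message) its dent and mnt references belong solely to the caller. Every visible caller also holds `lock(f)` around the call, which looks like a precondition. A short comment above clunkfid would keep future callers from leaking or double-releasing the message, for example `/* caller holds f's lock; *ao is always set, and a non-nil *ao must be forwarded or released (clunkdent, clunkmount, free) by the caller */`. clunkfid starts and ends outside this hunk, so whether any path returns before the assignment to `*ao` cannot be confirmed from here.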
@@ -1805,11 +1806,7 @@
t = f->mnt->root;
nm = 0;
lock(f);
- *ao = nil;
clunkfid(m->conn, f, ao);
- /* rclose files are getting removed here anyways */
- if(*ao != nil)
- f->rclose = nil;
unlock(f);
truncwait(f->dent, id);
@@ -2332,7 +2329,6 @@
unlock(&c->fidtablk[i]);
lock(f);
- a = nil;
clunkfid(c, f, &a);
unlock(f);
putfid(f);
@@ -2447,11 +2443,13 @@
}
lock(f);
clunkfid(m->conn, f, &a);
- /* read only: ignore rclose */
- f->rclose = nil;
unlock(f);
- free(a);
putfid(f);
+ if(a != nil){
+ clunkdent(a->mnt, a->dent);
+ clunkmount(a->mnt);
+ free(a);
+ }
}
rerror(m, Erdonly);
continue;
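Review bot: The read-only branch now releases the references held by the dropped Amsg, but by then clunkfid has already set `f->dent->trunc = 1` (first hunk), and nothing visible in this branch clears it again. If that flag is normally cleared by whoever consumes the rclose message, a dent shared with another open fid could leave a later `truncwait(f->dent, id)` blocked indefinitely; worth confirming, and resetting the flag next to `clunkdent(a->mnt, a->dent);` if so. The caller at @@ -2332 also receives `a` from clunkfid and no longer initializes it, and what it does with the message after `putfid(f)` lies outside that hunk, so check that it forwards or releases it in the same way.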
--
⑨