From 32c276572fd896e1438ca9388db981cd69c1b967 Mon Sep 17 00:00:00 2001
From: Far <yesiyuan2@huawei.com>
Date: Sat, 1 May 2021 23:13:26 +0800
Subject: [PATCH] fix: BCHR-type vnode may be reclaimed before vnodefree

Decreasing a vnode of BCHR type, drop the vnode mutex , and then check the vnode and hold the mutex again makes it possible to reclaim the vnode by other threads before free the vnode, which may cause problems

Close #I3ORVN
---
 fs/inode/fs_files.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/fs/inode/fs_files.c b/fs/inode/fs_files.c
index 0396662..0cfb42b 100644
--- a/fs/inode/fs_files.c
+++ b/fs/inode/fs_files.c
@@ -186,20 +186,18 @@ static int _files_close(struct file *filep)
         }
       VnodeHold();
       vnode->useCount--;
-      VnodeDrop();
-    }
-
-  /* Block char device is removed when close */
-  if (vnode->type == VNODE_TYPE_BCHR)
-    {
-      VnodeHold();
-      ret = VnodeFree(vnode);
-      if (ret < 0)
+      /* Block char device is removed when close */
+      if (vnode->type == VNODE_TYPE_BCHR)
         {
-          PRINTK("Removing bchar device %s failed\n", filep->f_path);
+          ret = VnodeFree(vnode);
+          if (ret < 0)
+            {
+              PRINTK("Removing bchar device %s failed\n", filep->f_path);
+            }
         }
       VnodeDrop();
     }
+
   /* Release the path of file */
 
   free(filep->f_path);
-- 
GitLab