Index: sys/fs/nfs/nfsdport.h =================================================================== --- sys/fs/nfs/nfsdport.h (wersja 237035) +++ sys/fs/nfs/nfsdport.h (kopia robocza) @@ -94,8 +94,6 @@ #define NFSFPCRED(f) ((f)->f_cred) #define NFSFPFLAG(f) ((f)->f_flag) -int fp_getfvp(NFSPROC_T *, int, struct file **, struct vnode **); - #define NFSNAMEICNDSET(n, c, o, f) do { \ (n)->cn_cred = (c); \ (n)->cn_nameiop = (o); \ Index: sys/fs/nfsserver/nfs_nfsdport.c =================================================================== --- sys/fs/nfsserver/nfs_nfsdport.c (wersja 237035) +++ sys/fs/nfsserver/nfs_nfsdport.c (kopia robocza) @@ -2778,19 +2778,21 @@ /* * glue for fp. */ -int -fp_getfvp(struct thread *p, int fd, struct file **fpp, struct vnode **vpp) +static int +fp_getf(struct thread *p, int fd, struct file **fpp) { struct filedesc *fdp; struct file *fp; int error = 0; + /* XXX: Missing fdp locking. */ fdp = p->td_proc->p_fd; if (fd >= fdp->fd_nfiles || (fp = fdp->fd_ofiles[fd]) == NULL) { error = EBADF; goto out; } + /* XXX: 'fp' is returned without holding a reference. */ *fpp = fp; out: @@ -3092,7 +3094,6 @@ struct nfsd_dumplocklist dumplocklist; struct nfsd_dumplocks *dumplocks; struct nameidata nd; - vnode_t vp; int error = EINVAL; struct proc *procp; @@ -3115,7 +3116,7 @@ error = copyin(uap->argp, (caddr_t)&stablefd, sizeof (int)); if (!error) - error = fp_getfvp(p, stablefd, &fp, &vp); + error = fp_getf(p, stablefd, &fp); if (!error && (NFSFPFLAG(fp) & (FREAD | FWRITE)) != (FREAD | FWRITE)) error = EBADF; if (!error && newnfs_numnfsd != 0) Index: sys/fs/unionfs/union_subr.c =================================================================== --- sys/fs/unionfs/union_subr.c (wersja 237035) +++ sys/fs/unionfs/union_subr.c (kopia robocza) @@ -261,6 +261,7 @@ free(unp, M_UNIONFSNODE); return (error); } + vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); error = insmntque(vp, mp); /* XXX: Too early for mpsafe fs */ if (error != 0) { free(unp, M_UNIONFSNODE);