Fix lock order reversal in nfs_inactive()

Make the silly file removal happen after the vnode has been unlocked.
This avoids a file-directory reversal in the vnode locking order.

OK jca@

diff --git a/sys/nfs/nfs_node.c b/sys/nfs/nfs_node.c
index 958d643..c8ac3b9 100644 (file)
--- a/sys/nfs/nfs_node.c
+++ b/sys/nfs/nfs_node.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: nfs_node.c,v 1.74 2021/10/20 06:35:39 semarie Exp $   */
+/*     $OpenBSD: nfs_node.c,v 1.75 2022/06/27 13:39:58 visa Exp $      */
 /*     $NetBSD: nfs_node.c,v 1.16 1996/02/18 11:53:42 fvdl Exp $       */
 
 /*
@@ -183,20 +183,23 @@ nfs_inactive(void *v)
                np->n_sillyrename = NULL;
        } else
                sp = NULL;
-       if (sp) {
+       if (sp != NULL)
+               nfs_vinvalbuf(ap->a_vp, 0, sp->s_cred, curproc);
+       np->n_flag &= (NMODIFIED | NFLUSHINPROG | NFLUSHWANT);
+
+       VOP_UNLOCK(ap->a_vp);
+
+       if (sp != NULL) {
                /*
                 * Remove the silly file that was rename'd earlier
                 */
-               nfs_vinvalbuf(ap->a_vp, 0, sp->s_cred, curproc);
                vn_lock(sp->s_dvp, LK_EXCLUSIVE | LK_RETRY);
                nfs_removeit(sp);
                crfree(sp->s_cred);
                vput(sp->s_dvp);
                free(sp, M_NFSREQ, sizeof(*sp));
        }
-       np->n_flag &= (NMODIFIED | NFLUSHINPROG | NFLUSHWANT);
 
-       VOP_UNLOCK(ap->a_vp);
        return (0);
 }