DragonFlyBSD Kernel Audit
DF-0193

vfs_vptofh reads vp->v_mount twice without snapshot/NULL-check

Summary

vfs_vptofh dereferences vp->v_mount twice: first in VFS_MPLOCK(vp->v_mount) (:272), then in (vp->v_mount->mnt_op->vfs_vptofh) (:273). vp->v_mount is mutable (insmntque). If it becomes NULL between the two reads, the second read is a NULL dereference and the kernel panics. Current callers hold vp locked, which pins v_mount, so this is a defense-in-depth finding.
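
The snapshot/NULL-check named in the title, shown on a simplified userland model. This is an added example, not DragonFlyBSD source: the struct layouts, the model_* helpers, the vptofh_* function names and the EBADF return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Simplified userland stand-ins for the kernel types (assumptions). */
struct vnode;
struct vfsops { int (*vfs_vptofh)(struct vnode *vp, void *fhp); };
struct mount  { struct vfsops *mnt_op; };
struct vnode  { struct mount *v_mount; };

/* Hypothetical stand-in for VFS_MPLOCK(); the hook lets a caller change
 * vp->v_mount between the two reads, as a racing thread would. */
void (*model_mplock_hook)(struct vnode *vp);
void model_mplock(struct mount *mp, struct vnode *vp)
{
    (void)mp;
    if (model_mplock_hook != NULL)
        model_mplock_hook(vp);
}

/* Shape of the flagged pattern: vp->v_mount is loaded twice. */
int vptofh_double_read(struct vnode *vp, void *fhp)
{
    model_mplock(vp->v_mount, vp);                    /* read 1 */
    return vp->v_mount->mnt_op->vfs_vptofh(vp, fhp);  /* read 2 */
}

/* Hardened shape: one load into a local, NULL check, local used twice. */
int vptofh_snapshot(struct vnode *vp, void *fhp)
{
    struct mount *mp = *(struct mount *volatile *)&vp->v_mount; /* single load */
    if (mp == NULL)
        return EBADF;  /* error value is this example's choice (assumption) */
    model_mplock(mp, vp);
    /* mp cannot turn NULL here; mount lifetime still relies on the vnode lock. */
    return mp->mnt_op->vfs_vptofh(vp, fhp);
}

/* Constructed sample filesystem op and a hook that simulates the race. */
int model_fs_vptofh(struct vnode *vp, void *fhp) { (void)vp; (void)fhp; return 0; }
void model_clear_mount(struct vnode *vp) { vp->v_mount = NULL; }

int main(void)
{
    struct vfsops ops = { model_fs_vptofh };
    struct mount m = { &ops };
    struct vnode v = { &m };
    model_mplock_hook = model_clear_mount;
    return vptofh_snapshot(&v, NULL);  /* 0: snapshot survives the change */
}
```

With the hook installed, vptofh_double_read would dereference NULL on its second read, which is why only the snapshot variant is exercised under the simulated change.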