From e0024fa4a17010f2996bc692911b378d96d7e050 Mon Sep 17 00:00:00 2001
From: Taylor R Campbell <riastradh@NetBSD.org>
Date: Wed, 19 Jan 2022 01:11:45 +0000
Subject: [PATCH 17/39] specfs: sn_gone cannot be set while we hold the vnode
 lock.

Revoke runs with the vnode lock too, which is exclusive.  Add an
assertion to this effect in spec_node_revoke to make it clear.
---
 sys/miscfs/specfs/spec_vnops.c | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)

diff --git a/sys/miscfs/specfs/spec_vnops.c b/sys/miscfs/specfs/spec_vnops.c
index 4bff7e2b2cb3..dffe80edf31e 100644
--- a/sys/miscfs/specfs/spec_vnops.c
+++ b/sys/miscfs/specfs/spec_vnops.c
@@ -402,6 +402,8 @@ spec_node_revoke(vnode_t *vp)
 	specnode_t *sn;
 	specdev_t *sd;
 
+	KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE);
+
 	sn = vp->v_specnode;
 	sd = sn->sn_dev;
 
@@ -552,11 +554,8 @@ spec_open(void *v)
 
 	/*
 	 * Acquire an open reference -- as long as we hold onto it, and
-	 * the vnode isn't revoked, it can't be closed.
-	 *
-	 * But first check whether it has been revoked -- if so, we
-	 * can't acquire more open references and we must fail
-	 * immediately with EBADF.
+	 * the vnode isn't revoked, it can't be closed, and the vnode
+	 * can't be revoked until we release the vnode lock.
 	 */
 	mutex_enter(&device_lock);
 	switch (vp->v_type) {
@@ -565,10 +564,7 @@ spec_open(void *v)
 		 * Character devices can accept opens from multiple
 		 * vnodes.
 		 */
-		if (sn->sn_gone) {
-			error = EBADF;
-			break;
-		}
+		KASSERT(!sn->sn_gone);
 		sd->sd_opencnt++;
 		sn->sn_opencnt++;
 		break;
@@ -581,10 +577,7 @@ spec_open(void *v)
 		 * Treat zero opencnt with non-NULL mountpoint as open.
 		 * This may happen after forced detach of a mounted device.
 		 */
-		if (sn->sn_gone) {
-			error = EBADF;
-			break;
-		}
+		KASSERT(!sn->sn_gone);
 		if (sd->sd_opencnt != 0 || sd->sd_mountpoint != NULL) {
 			error = EBUSY;
 			break;