From 4f21442e10dbb22f1bd4c990dc0b1a2aa51231b9 Mon Sep 17 00:00:00 2001
From: Konstantin Belousov <kib@FreeBSD.org>
Date: Wed, 21 Jul 2021 16:19:51 +0300
Subject: [PATCH] null_lookup: restore dvp lock always, not only on success

Caller of VOP_LOOKUP() passes dvp locked and expect it locked on return.
Relock of lower vnode in any case could leave upper vnode reclaimed and
unlocked.

Reported and tested by:	pho
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D31310
---
 sys/fs/nullfs/null_vnops.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/sys/fs/nullfs/null_vnops.c b/sys/fs/nullfs/null_vnops.c
index 47b0bda32b6..43dc325a79f 100644
--- a/sys/fs/nullfs/null_vnops.c
+++ b/sys/fs/nullfs/null_vnops.c
@@ -436,11 +436,12 @@ null_lookup(struct vop_lookup_args *ap)
 	 * dvp to be reclaimed due to shared v_vnlock.  Check for the
 	 * doomed state and return error.
 	 */
-	if ((error == 0 || error == EJUSTRETURN) &&
-	    VN_IS_DOOMED(dvp)) {
-		error = ENOENT;
-		if (lvp != NULL)
-			vput(lvp);
+	if (VN_IS_DOOMED(dvp)) {
+		if (error == 0 || error == EJUSTRETURN) {
+			if (lvp != NULL)
+				vput(lvp);
+			error = ENOENT;
+		}
 
 		/*
 		 * If vgone() did reclaimed dvp before curthread