From f8ceceeed87ff87400caf59ef5ea598528122ba7 Mon Sep 17 00:00:00 2001
From: Taylor R Campbell <riastradh@NetBSD.org>
Date: Wed, 19 Jan 2022 01:11:45 +0000
Subject: [PATCH 17/36] specfs: sn_gone cannot be set while we hold the vnode
 lock.

vrevoke suspends the file system, which waits for the vnode lock to
be released, before it sets sn_gone and changes v_op so nothing can
re-enter spec_open with this vnode.
---
 sys/miscfs/specfs/spec_vnops.c | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/sys/miscfs/specfs/spec_vnops.c b/sys/miscfs/specfs/spec_vnops.c
index a6da50fb400c..ae49dcd21a15 100644
--- a/sys/miscfs/specfs/spec_vnops.c
+++ b/sys/miscfs/specfs/spec_vnops.c
@@ -545,10 +545,6 @@ spec_open(void *v)
 	/*
 	 * Acquire an open reference -- as long as we hold onto it, and
 	 * the vnode isn't revoked, it can't be closed.
-	 *
-	 * But first check whether it has been revoked -- if so, we
-	 * can't acquire more open references and we must fail
-	 * immediately with EBADF.
 	 */
 	mutex_enter(&device_lock);
 	switch (vp->v_type) {
@@ -557,10 +553,7 @@ spec_open(void *v)
 		 * Character devices can accept opens from multiple
 		 * vnodes.
 		 */
-		if (sn->sn_gone) {
-			error = EBADF;
-			break;
-		}
+		KASSERT(!sn->sn_gone);
 		sd->sd_opencnt++;
 		sn->sn_opencnt++;
 		break;
@@ -573,10 +566,7 @@ spec_open(void *v)
 		 * Treat zero opencnt with non-NULL mountpoint as open.
 		 * This may happen after forced detach of a mounted device.
 		 */
-		if (sn->sn_gone) {
-			error = EBADF;
-			break;
-		}
+		KASSERT(!sn->sn_gone);
 		if (sd->sd_opencnt != 0 || sd->sd_mountpoint != NULL) {
 			error = EBUSY;
 			break;