Source-Changes-HG archive


[src/trunk]: src/sys/kern lookup_fastforward():



details:   https://anonhg.NetBSD.org/src/rev/0d8d78860e8f
branches:  trunk
changeset: 1011046:0d8d78860e8f
user:      ad <ad%NetBSD.org@localhost>
date:      Mon Jun 15 18:44:10 2020 +0000

description:
lookup_fastforward():

- If the root vnode of a mount is being reclaimed concurrent to a lookup,
  it's possible to become confounded and bail out of the loop with both
  foundobj=NULL and searchdir=NULL (causing a NULL pointer deref).  If that
  happens everything should be rolled back to the start for retry.  Problem
  found and debugged by hannken@.

- If the terminal node was !VDIR then searchdir was needlessly referenced.
  No functional impact.

diffstat:

 sys/kern/vfs_lookup.c |  18 +++++++++++++++---
 1 files changed, 15 insertions(+), 3 deletions(-)

diffs (46 lines):

diff -r 5ac7ab8e55b4 -r 0d8d78860e8f sys/kern/vfs_lookup.c
--- a/sys/kern/vfs_lookup.c     Mon Jun 15 18:04:42 2020 +0000
+++ b/sys/kern/vfs_lookup.c     Mon Jun 15 18:44:10 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: vfs_lookup.c,v 1.223 2020/06/04 03:12:26 riastradh Exp $       */
+/*     $NetBSD: vfs_lookup.c,v 1.224 2020/06/15 18:44:10 ad Exp $      */
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1993
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_lookup.c,v 1.223 2020/06/04 03:12:26 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_lookup.c,v 1.224 2020/06/15 18:44:10 ad Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_magiclinks.h"
@@ -1382,6 +1382,9 @@
                        if (error != 0) {
                                foundobj = NULL;
                                error = EOPNOTSUPP;
+                       } else {
+                               terminal = (foundobj->v_type != VLNK &&
+                                   (cnp->cn_flags & ISLASTCN) != 0);
                        }
                        break;
                }
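Review bot: the new else branch dereferences `foundobj->v_type` on the strength of `error == 0` alone. A `KASSERT(foundobj != NULL)` ahead of the assignment would document that invariant, which is worth having in a function where this same commit fixes a NULL pointer dereference. A short comment on why `terminal` is recomputed at this point would also help: the hunk gives no reason, and the commit message only says that searchdir was needlessly referenced when the terminal node was !VDIR.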
@@ -1458,7 +1461,16 @@
                 * fastforward to the beginning and let lookup_once() take
                 * care of it.
                 */
-               error2 = vcache_tryvget(searchdir);
+               if (searchdir == NULL) {
+                       /*
+                        * It's possible for searchdir to be NULL in the
+                        * case of a root vnode being reclaimed while
+                        * trying to cross a mount.
+                        */
+                       error2 = EOPNOTSUPP;
+               } else {
+                       error2 = vcache_tryvget(searchdir);
+               }
                KASSERT(plock != NULL);
                rw_exit(plock);
                if (__predict_true(error2 == 0)) {
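Review bot: with `searchdir == NULL` now reaching the `if (__predict_true(error2 == 0))` test with `error2 = EOPNOTSUPP`, the failure branch, which lies outside this hunk, must not dereference or release searchdir; please confirm that path tolerates NULL. The new comment explains how searchdir can be NULL but not what happens next, so it could add that the result is a rollback to the start for retry, as the commit message states. Since the case is rare, `__predict_false(searchdir == NULL)` would match the `__predict_true` used just below.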


