kern/40634: dostatvfs() broken when chroot to /

[bad%bsd.de@localhost]

>Number:         40634
>Category:       kern
>Synopsis:       "chroot / /sbin/mount" shows only / as mounted
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Feb 14 00:40:01 +0000 2009
>Originator:     Christoph Badura
>Release:        NetBSD 5.99.4
>Organization:
>Environment:
System: NetBSD not-invented-here 5.99.4 NetBSD 5.99.4 (gaol_domu) #29: Sat Feb 
14 00:42:09 CET 2009 bad@not-invented-here:/home/bad/gaol_domu i386
Architecture: i386
Machine: i386
>Description:
        When chrooted to / mount and df show only the root FS:

        # chroot / /sbin/mount
        /dev/xbd0a on / type ffs (local)
        #
        
        This is because the logic in vfs_syscalls.c:dostatvfs() to
        hide mount points outside the chroot fails when the chroot dir is
        /.

>How-To-Repeat:
        chroot / /sbin/mount
>Fix:
Apply the following change to dostatvfs():

                 * data.
                 */
                if (strncmp(bp, sp->f_mntonname, len) == 0 &&
-                   ((c = sp->f_mntonname[len]) == '/' || c == '\0')) {
+                   (len <= 1 || (c = sp->f_mntonname[len]) == '/' || c == 
'\0')) {
                        (void)strlcpy(sp->f_mntonname, &sp->f_mntonname[len],
                            sizeof(sp->f_mntonname));
                        if (sp->f_mntonname[0] == '\0')

when the chroot dir is / len is 1 and bp is "/" f_mnttonname[1] is uneqal
to '/' and '\0' for all mount points other than /.

This broke in rev. 1.364 while fixing PR/38745.

The fix should be pulled up to 5.0.