NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/50664: "cd .." over NFS/ZFS can panic kernel
The following reply was made to PR kern/50664; it has been noted by GNATS.
From: "J. Hannken-Illjes" <hannken%eis.cs.tu-bs.de@localhost>
To: Brian Marcotte <marcotte%panix.com@localhost>
Cc: gnats-bugs%NetBSD.org@localhost
Subject: Re: kern/50664: "cd .." over NFS/ZFS can panic kernel
Date: Mon, 18 Jan 2016 11:06:14 +0100
Bad, ZFS uses inode number 1 for DOTDOT. Found this message on a =
FreeBSD list:
=
https://lists.freebsd.org/pipermail/freebsd-current/2013-February/039486.h=
tml
> Actually I think I have an explanation, just been busy past couple of =
days.
> The problem is precisely with .zfs/shares, which is a strange beast =
that
> currently has no practical use on FreeBSD.
>=20
> .zfs/shares has its own on-disk node. The node has some special =
properties:
> - it is a directory node
> - it is not reachable from any other node
> - its parent ID is set to itself (as for a root node)
> - its ID is stored in a special filesystem property
Here "its parent ID is set to itself=E2=80=9D leads to the problem. =
This should
occur on root only.
This diff should prevent the crash:
--- nfs_vnops.c 12 Aug 2012 12:59:48 -0000 1.293.4.1
+++ nfs_vnops.c 18 Jan 2016 10:05:07 -0000
@@ -966,8 +966,12 @@ dorpc:
* ".." lookup
*/
VOP_UNLOCK(dvp);
error =3D nfs_nget(dvp->v_mount, fhp, fhsize, &np);
+ if (error =3D=3D 0 && dvp =3D=3D NFSTOV(np)) {
+ vput(NFSTOV(np));
+ error =3D EOPNOTSUPP;
+ }
vn_lock(dvp, LK_EXCLUSIVE | LK_RETRY);
if (error) {
m_freem(mrep);
return error;
--
J. Hannken-Illjes - hannken%eis.cs.tu-bs.de@localhost - TU Braunschweig (Germany)
Home |
Main Index |
Thread Index |
Old Index