NetBSD-Bugs archive
kern/51617: locking a bad vnode pointer in ufs_extattr_autocreate_attr()
>Number: 51617
>Category: kern
>Synopsis: locking a bad vnode pointer in ufs_extattr_autocreate_attr()
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Nov 09 05:40:00 +0000 2016
>Originator: David A. Holland
>Release: NetBSD 7.99.40 (20161022)
>Organization:
>Environment:
System: n/a
Architecture: all
Machine: all
>Description:
ufs_extattr_autocreate_attr() calls vn_open() but doesn't check for
failure until after it's already attempted to lock the (potentially
invalid/uninitialized) result vnode.
>How-To-Repeat:
code reading
>Fix:
Like in 51616 I would appreciate if one of the people who has been
prodding this code could eyeball this patch, just in case I'm missing
something.
diff -r 2ec55b83ddc6 sys/ufs/ufs/ufs_extattr.c
--- a/sys/ufs/ufs/ufs_extattr.c Wed Nov 09 00:28:21 2016 -0500
+++ b/sys/ufs/ufs/ufs_extattr.c Wed Nov 09 00:31:27 2016 -0500
@@ -341,8 +341,10 @@ ufs_extattr_autocreate_attr(struct vnode
/*
* Reacquire the lock on the vnode
*/
- KASSERT(VOP_ISLOCKED(vp) == 0);
- vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
+ if (error == 0) {
+ KASSERT(VOP_ISLOCKED(vp) == 0);
+ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
+ }
ufs_extattr_uepm_lock(ump);
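Review bot: with the new `if (error == 0)` guard, the error path now reaches `ufs_extattr_uepm_lock(ump)` with `vp` unlocked, while the unchanged comment above still says "Reacquire the lock on the vnode", which reads as if `vp` was locked earlier and may be expected to be locked again from here on. Please confirm which vnode `vp` names at this point: if it is the vnode passed in as the function's argument (the hunk header shows a `struct vnode` first parameter) rather than the one produced by vn_open(), it is valid regardless of `error`, and skipping the relock would leave it unlocked on failure. If it is the vn_open() result, the guard is right, but the comment should say so, and the error handling after `ufs_extattr_uepm_lock(ump)` should be checked to make sure it neither unlocks nor releases `vp`.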