[src/trunk]: src/sys/kern vfs_mountedon() can only and only handle special de...

[reinoud <reinoud%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/f17ed91581dd
branches:  trunk
changeset: 587288:f17ed91581dd
user:      reinoud <reinoud%NetBSD.org@localhost>
date:      Wed Jan 18 14:26:55 2006 +0000

description:
vfs_mountedon() can only and only handle special device nodes and will
otherwise generate an UVM trap or will access random memory. This is due to
the dereference of vp->v_specmountpoint that is really
vp->v_specinfo->si_mountpoint. The field v_specinfo is multiplexed with
other structs in the vun union in struct vnode like struct socket.

The patch adds a sanity check for accessing the specinfo fields by only
allowing VBLK nodes to be passed. In theory also VCHR could be valid since
its also a special node though mounting is only done on VBLK so be strict.

Ok'd by yamt.

diffstat:

 sys/kern/vfs_subr.c |  6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diffs (27 lines):

diff -r 99c99729214f -r f17ed91581dd sys/kern/vfs_subr.c
--- a/sys/kern/vfs_subr.c       Wed Jan 18 14:01:16 2006 +0000
+++ b/sys/kern/vfs_subr.c       Wed Jan 18 14:26:55 2006 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: vfs_subr.c,v 1.260 2006/01/16 21:44:46 yamt Exp $      */
+/*     $NetBSD: vfs_subr.c,v 1.261 2006/01/18 14:26:55 reinoud Exp $   */
 
 /*-
  * Copyright (c) 1997, 1998, 2004, 2005 The NetBSD Foundation, Inc.
@@ -80,7 +80,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_subr.c,v 1.260 2006/01/16 21:44:46 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_subr.c,v 1.261 2006/01/18 14:26:55 reinoud Exp $");
 
 #include "opt_inet.h"
 #include "opt_ddb.h"
@@ -2063,6 +2063,8 @@
        struct vnode *vq;
        int error = 0;
 
+       if (vp->v_type != VBLK)
+               return ENOTBLK;
        if (vp->v_specmountpoint != NULL)
                return (EBUSY);
        if (vp->v_flag & VALIASED) {