Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-6-0]: src Pull up following revision(s) (requested by maxv in tic...
details: https://anonhg.NetBSD.org/src/rev/25714aab9d27
branches: netbsd-6-0
changeset: 774936:25714aab9d27
user: bouyer <bouyer%NetBSD.org@localhost>
date: Mon Apr 21 10:15:36 2014 +0000
description:
Pull up following revision(s) (requested by maxv in ticket #1050):
sys/ufs/chfs/chfs_vfsops.c: revision 1.11
sys/fs/unionfs/unionfs_vfsops.c: revision 1.13
sys/fs/nilfs/nilfs_vfsops.c: revision 1.16
sys/ufs/mfs/mfs_vfsops.c: revision 1.107
sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43
sys/ufs/ffs/ffs_vfsops.c: revision 1.297
sys/kern/vfs_syscalls.c: revision 1.478
sys/kern/vfs_syscalls.c: revision 1.479
sys/fs/puffs/puffs_vfsops.c: revision 1.110
sys/fs/cd9660/cd9660_vfsops.c: revision 1.84
sys/nfs/nfs_vfsops.c: revision 1.227
sys/fs/v7fs/v7fs_vfsops.c: revision 1.10
sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180
sys/miscfs/umapfs/umap_vfsops.c: revision 1.92
sys/fs/filecorefs/filecore_vfsops.c: revision 1.76
sys/miscfs/nullfs/null_vfsops.c: revision 1.88
sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50
sys/coda/coda_vfsops.c: revision 1.81
sys/ufs/lfs/lfs_vfsops.c: revision 1.321
sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59
sys/fs/hfs/hfs_vfsops.c: revision 1.31
sys/miscfs/overlay/overlay_vfsops.c: revision 1.61
sys/fs/union/union_vfsops.c: revision 1.72
sys/fs/ntfs/ntfs_vfsops.c: revision 1.94
sys/kern/vfs_syscalls.c: revision 1.480
sys/fs/efs/efs_vfsops.c: revision 1.25
sys/kern/vfs_syscalls.c: revision 1.482
sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107
external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12
sys/miscfs/procfs/procfs_vfsops.c: revision 1.91
sys/fs/smbfs/smbfs_vfsops.c: revision 1.100
sys/fs/adosfs/advfsops.c: revision 1.70
sys/fs/udf/udf_vfsops.c: revision 1.67
Limit check for 'data_len'. Otherwise a (un)privileged user can easily
panic the system by passing a huge size.
ok christos@
An (un)privileged user can easily make the kernel dereference a NULL
pointer.
The kernel allows 'data' to be NULL; it's the fs's responsibility to
ensure that it isn't NULL (if the fs actually needs data).
ok christos@
Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check
to prevent an (un)privileged user from requesting a zero-sized allocation
(and thus a panic).
This thing is totally buggy: 'data_len' is modified by the fs, so calling
kmem_free with it while its value has changed since the kmem_alloc is far
from being a good idea.
If the kernel figures out that something mismatches, it will panic
(typically with kernfs).
diffstat:
external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c | 3 ++
sys/coda/coda_vfsops.c | 6 ++-
sys/fs/adosfs/advfsops.c | 6 ++-
sys/fs/cd9660/cd9660_vfsops.c | 6 ++-
sys/fs/efs/efs_vfsops.c | 6 ++-
sys/fs/filecorefs/filecore_vfsops.c | 6 ++-
sys/fs/hfs/hfs_vfsops.c | 6 ++-
sys/fs/msdosfs/msdosfs_vfsops.c | 6 ++-
sys/fs/nilfs/nilfs_vfsops.c | 6 ++-
sys/fs/ntfs/ntfs_vfsops.c | 6 ++-
sys/fs/ptyfs/ptyfs_vfsops.c | 6 ++-
sys/fs/puffs/puffs_vfsops.c | 12 ++-----
sys/fs/smbfs/smbfs_vfsops.c | 6 ++-
sys/fs/sysvbfs/sysvbfs_vfsops.c | 6 ++-
sys/fs/tmpfs/tmpfs_vfsops.c | 7 +++-
sys/fs/udf/udf_vfsops.c | 6 ++-
sys/fs/union/union_vfsops.c | 6 ++-
sys/fs/unionfs/unionfs_vfsops.c | 2 +
sys/fs/v7fs/v7fs_vfsops.c | 6 ++-
sys/kern/vfs_syscalls.c | 23 +++++++++++-----
sys/miscfs/nullfs/null_vfsops.c | 6 ++-
sys/miscfs/overlay/overlay_vfsops.c | 6 ++-
sys/miscfs/procfs/procfs_vfsops.c | 7 +++-
sys/miscfs/umapfs/umap_vfsops.c | 6 ++-
sys/nfs/nfs_vfsops.c | 6 ++-
sys/ufs/chfs/chfs_vfsops.c | 4 ++-
sys/ufs/ext2fs/ext2fs_vfsops.c | 6 ++-
sys/ufs/ffs/ffs_vfsops.c | 6 ++-
sys/ufs/lfs/lfs_vfsops.c | 6 ++-
sys/ufs/mfs/mfs_vfsops.c | 6 ++-
30 files changed, 129 insertions(+), 67 deletions(-)
diffs (truncated from 829 to 300 lines):
diff -r e5812a6481df -r 25714aab9d27 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c
--- a/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c Mon Apr 21 10:00:35 2014 +0000
+++ b/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c Mon Apr 21 10:15:36 2014 +0000
@@ -1624,6 +1624,9 @@
if (mvp->v_type != VDIR)
return (ENOTDIR);
+ if (uap == NULL)
+ return (EINVAL);
+
mutex_enter(mvp->v_interlock);
if ((uap->flags & MS_REMOUNT) == 0 &&
(uap->flags & MS_OVERLAY) == 0 &&
diff -r e5812a6481df -r 25714aab9d27 sys/coda/coda_vfsops.c
--- a/sys/coda/coda_vfsops.c Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/coda/coda_vfsops.c Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: coda_vfsops.c,v 1.70 2011/09/27 00:54:47 christos Exp $ */
+/* $NetBSD: coda_vfsops.c,v 1.70.12.1 2014/04/21 10:15:37 bouyer Exp $ */
/*
*
@@ -45,7 +45,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: coda_vfsops.c,v 1.70 2011/09/27 00:54:47 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: coda_vfsops.c,v 1.70.12.1 2014/04/21 10:15:37 bouyer Exp $");
#ifndef _KERNEL_OPT
#define NVCODA 4
@@ -185,6 +185,8 @@
CodaFid ctlfid = CTL_FID;
int error;
+ if (data == NULL)
+ return EINVAL;
if (vfsp->mnt_flag & MNT_GETARGS)
return EINVAL;
ENTRY;
diff -r e5812a6481df -r 25714aab9d27 sys/fs/adosfs/advfsops.c
--- a/sys/fs/adosfs/advfsops.c Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/adosfs/advfsops.c Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: advfsops.c,v 1.63 2011/11/14 18:35:12 hannken Exp $ */
+/* $NetBSD: advfsops.c,v 1.63.10.1 2014/04/21 10:15:38 bouyer Exp $ */
/*
* Copyright (c) 1994 Christian E. Hopps
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: advfsops.c,v 1.63 2011/11/14 18:35:12 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: advfsops.c,v 1.63.10.1 2014/04/21 10:15:38 bouyer Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@@ -91,6 +91,8 @@
int error;
mode_t accessmode;
+ if (args == NULL)
+ return EINVAL;
if (*data_len < sizeof *args)
return EINVAL;
diff -r e5812a6481df -r 25714aab9d27 sys/fs/cd9660/cd9660_vfsops.c
--- a/sys/fs/cd9660/cd9660_vfsops.c Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/cd9660/cd9660_vfsops.c Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cd9660_vfsops.c,v 1.74 2011/11/14 18:35:12 hannken Exp $ */
+/* $NetBSD: cd9660_vfsops.c,v 1.74.10.1 2014/04/21 10:15:36 bouyer Exp $ */
/*-
* Copyright (c) 1994
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cd9660_vfsops.c,v 1.74 2011/11/14 18:35:12 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cd9660_vfsops.c,v 1.74.10.1 2014/04/21 10:15:36 bouyer Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@@ -224,6 +224,8 @@
int error;
struct iso_mnt *imp = VFSTOISOFS(mp);
+ if (args == NULL)
+ return EINVAL;
if (*data_len < sizeof *args)
return EINVAL;
diff -r e5812a6481df -r 25714aab9d27 sys/fs/efs/efs_vfsops.c
--- a/sys/fs/efs/efs_vfsops.c Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/efs/efs_vfsops.c Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: efs_vfsops.c,v 1.22 2011/06/12 03:35:52 rmind Exp $ */
+/* $NetBSD: efs_vfsops.c,v 1.22.12.1 2014/04/21 10:15:37 bouyer Exp $ */
/*
* Copyright (c) 2006 Stephen M. Rumble <rumble%ephemeral.org@localhost>
@@ -17,7 +17,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: efs_vfsops.c,v 1.22 2011/06/12 03:35:52 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: efs_vfsops.c,v 1.22.12.1 2014/04/21 10:15:37 bouyer Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -182,6 +182,8 @@
struct vnode *devvp;
int err, mode;
+ if (args == NULL)
+ return EINVAL;
if (*data_len < sizeof *args)
return EINVAL;
diff -r e5812a6481df -r 25714aab9d27 sys/fs/filecorefs/filecore_vfsops.c
--- a/sys/fs/filecorefs/filecore_vfsops.c Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/filecorefs/filecore_vfsops.c Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: filecore_vfsops.c,v 1.68 2011/11/14 18:35:13 hannken Exp $ */
+/* $NetBSD: filecore_vfsops.c,v 1.68.10.1 2014/04/21 10:15:37 bouyer Exp $ */
/*-
* Copyright (c) 1994 The Regents of the University of California.
@@ -66,7 +66,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: filecore_vfsops.c,v 1.68 2011/11/14 18:35:13 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: filecore_vfsops.c,v 1.68.10.1 2014/04/21 10:15:37 bouyer Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@@ -239,6 +239,8 @@
int error;
struct filecore_mnt *fcmp = NULL;
+ if (args == NULL)
+ return EINVAL;
if (*data_len < sizeof *args)
return EINVAL;
diff -r e5812a6481df -r 25714aab9d27 sys/fs/hfs/hfs_vfsops.c
--- a/sys/fs/hfs/hfs_vfsops.c Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/hfs/hfs_vfsops.c Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: hfs_vfsops.c,v 1.27.8.1 2012/06/24 16:03:39 jdc Exp $ */
+/* $NetBSD: hfs_vfsops.c,v 1.27.8.1.4.1 2014/04/21 10:15:37 bouyer Exp $ */
/*-
* Copyright (c) 2005, 2007 The NetBSD Foundation, Inc.
@@ -99,7 +99,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: hfs_vfsops.c,v 1.27.8.1 2012/06/24 16:03:39 jdc Exp $");
+__KERNEL_RCSID(0, "$NetBSD: hfs_vfsops.c,v 1.27.8.1.4.1 2014/04/21 10:15:37 bouyer Exp $");
#ifdef _KERNEL_OPT
#include "opt_compat_netbsd.h"
@@ -205,6 +205,8 @@
int update;
mode_t accessmode;
+ if (args == NULL)
+ return EINVAL;
if (*data_len < sizeof *args)
return EINVAL;
diff -r e5812a6481df -r 25714aab9d27 sys/fs/msdosfs/msdosfs_vfsops.c
--- a/sys/fs/msdosfs/msdosfs_vfsops.c Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/msdosfs/msdosfs_vfsops.c Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: msdosfs_vfsops.c,v 1.93.6.1 2012/07/05 17:36:31 riz Exp $ */
+/* $NetBSD: msdosfs_vfsops.c,v 1.93.6.1.4.1 2014/04/21 10:15:37 bouyer Exp $ */
/*-
* Copyright (C) 1994, 1995, 1997 Wolfgang Solfrank.
@@ -48,7 +48,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: msdosfs_vfsops.c,v 1.93.6.1 2012/07/05 17:36:31 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: msdosfs_vfsops.c,v 1.93.6.1.4.1 2014/04/21 10:15:37 bouyer Exp $");
#if defined(_KERNEL_OPT)
#include "opt_compat_netbsd.h"
@@ -293,6 +293,8 @@
int error, flags;
mode_t accessmode;
+ if (args == NULL)
+ return EINVAL;
if (*data_len < sizeof *args)
return EINVAL;
diff -r e5812a6481df -r 25714aab9d27 sys/fs/nilfs/nilfs_vfsops.c
--- a/sys/fs/nilfs/nilfs_vfsops.c Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/nilfs/nilfs_vfsops.c Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: nilfs_vfsops.c,v 1.8 2011/11/14 18:35:13 hannken Exp $ */
+/* $NetBSD: nilfs_vfsops.c,v 1.8.10.1 2014/04/21 10:15:36 bouyer Exp $ */
/*
* Copyright (c) 2008, 2009 Reinoud Zandijk
@@ -28,7 +28,7 @@
#include <sys/cdefs.h>
#ifndef lint
-__KERNEL_RCSID(0, "$NetBSD: nilfs_vfsops.c,v 1.8 2011/11/14 18:35:13 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nilfs_vfsops.c,v 1.8.10.1 2014/04/21 10:15:36 bouyer Exp $");
#endif /* not lint */
@@ -804,6 +804,8 @@
DPRINTF(VFSCALL, ("nilfs_mount called\n"));
+ if (args == NULL)
+ return EINVAL;
if (*data_len < sizeof *args)
return EINVAL;
diff -r e5812a6481df -r 25714aab9d27 sys/fs/ntfs/ntfs_vfsops.c
--- a/sys/fs/ntfs/ntfs_vfsops.c Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/ntfs/ntfs_vfsops.c Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ntfs_vfsops.c,v 1.87 2011/11/14 18:35:13 hannken Exp $ */
+/* $NetBSD: ntfs_vfsops.c,v 1.87.12.1 2014/04/21 10:15:37 bouyer Exp $ */
/*-
* Copyright (c) 1998, 1999 Semen Ustimenko
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ntfs_vfsops.c,v 1.87 2011/11/14 18:35:13 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ntfs_vfsops.c,v 1.87.12.1 2014/04/21 10:15:37 bouyer Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -174,6 +174,8 @@
struct vnode *devvp;
struct ntfs_args *args = data;
+ if (args == NULL)
+ return EINVAL;
if (*data_len < sizeof *args)
return EINVAL;
diff -r e5812a6481df -r 25714aab9d27 sys/fs/ptyfs/ptyfs_vfsops.c
--- a/sys/fs/ptyfs/ptyfs_vfsops.c Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/ptyfs/ptyfs_vfsops.c Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ptyfs_vfsops.c,v 1.42.18.1 2012/10/01 17:35:05 riz Exp $ */
+/* $NetBSD: ptyfs_vfsops.c,v 1.42.18.1.2.1 2014/04/21 10:15:37 bouyer Exp $ */
/*
* Copyright (c) 1992, 1993, 1995
@@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ptyfs_vfsops.c,v 1.42.18.1 2012/10/01 17:35:05 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ptyfs_vfsops.c,v 1.42.18.1.2.1 2014/04/21 10:15:37 bouyer Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -218,6 +218,8 @@
struct ptyfsmount *pmnt;
struct ptyfs_args *args = data;
+ if (args == NULL)
+ return EINVAL;
if (*data_len != sizeof *args && *data_len != OSIZE)
return EINVAL;
diff -r e5812a6481df -r 25714aab9d27 sys/fs/puffs/puffs_vfsops.c
--- a/sys/fs/puffs/puffs_vfsops.c Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/puffs/puffs_vfsops.c Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: puffs_vfsops.c,v 1.100.8.2 2012/08/12 13:13:21 martin Exp $ */
+/* $NetBSD: puffs_vfsops.c,v 1.100.8.2.4.1 2014/04/21 10:15:36 bouyer Exp $ */
/*
* Copyright (c) 2005, 2006 Antti Kantee. All Rights Reserved.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: puffs_vfsops.c,v 1.100.8.2 2012/08/12 13:13:21 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: puffs_vfsops.c,v 1.100.8.2.4.1 2014/04/21 10:15:36 bouyer Exp $");
#include <sys/param.h>
Home |
Main Index |
Thread Index |
Old Index