Module Name: src Committed By: riastradh Date: Fri Apr 19 00:45:41 UTC 2024
Modified Files: src/sys/kern: vfs_mount.c Log Message: dounmount: Avoid &((struct vnode_impl *)NULL)->vi_vnode. Member access of a null pointer is undefined, even if the result should also be null because vi_vnode is at the start of vnode_impl. Reported-by: syzbot+a4b2d13c0d6d4dac2...@syzkaller.appspotmail.com https://syzkaller.appspot.com/bug?extid=a4b2d13c0d6d4dac2d07 To generate a diff of this commit: cvs rdiff -u -r1.104 -r1.105 src/sys/kern/vfs_mount.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/vfs_mount.c
diff -u src/sys/kern/vfs_mount.c:1.104 src/sys/kern/vfs_mount.c:1.105
--- src/sys/kern/vfs_mount.c:1.104 Wed Jan 17 10:17:29 2024
+++ src/sys/kern/vfs_mount.c Fri Apr 19 00:45:41 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: vfs_mount.c,v 1.104 2024/01/17 10:17:29 hannken Exp $ */
+/* $NetBSD: vfs_mount.c,v 1.105 2024/04/19 00:45:41 riastradh Exp $ */
 /*-
 * Copyright (c) 1997-2020 The NetBSD Foundation, Inc.
@@ -67,7 +67,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_mount.c,v 1.104 2024/01/17 10:17:29 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_mount.c,v 1.105 2024/04/19 00:45:41 riastradh Exp $");
 #include "veriexec.h"
@@ -936,7 +936,8 @@ err_mounted:
 int
 dounmount(struct mount *mp, int flags, struct lwp *l)
 {
- vnode_t *coveredvp, *vp;
+ struct vnode *coveredvp, *vp;
+ struct vnode_impl *vip;
 int error, async, used_syncer, used_extattr;
 const bool was_suspended = fstrans_is_owner(mp);
@@ -1003,7 +1004,9 @@ dounmount(struct mount *mp, int flags, s
 vfs_resume(mp);
 mountlist_remove(mp);
- if ((vp = VIMPL_TO_VNODE(TAILQ_FIRST(&mp->mnt_vnodelist))) != NULL) {
+
+ if ((vip = TAILQ_FIRST(&mp->mnt_vnodelist)) != NULL) {
+ vp = VIMPL_TO_VNODE(vip);
 vprint("dangling", vp);
 panic("unmount: dangling vnode");
 }
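Review bot: The new `if ((vip = TAILQ_FIRST(&mp->mnt_vnodelist)) != NULL)` in the last hunk has no comment saying why the conversion to `vp` must come after the NULL test, so a later cleanup could fold it back into the one-line form this commit removes. I would put `/* Test the list head before VIMPL_TO_VNODE(); the macro does member access, which is undefined on NULL. */` directly above the `if`. Because that access is undefined behaviour, a compiler may assume the converted pointer is non-null and drop a check that follows it, which is presumably why the sanitizer report mattered for a sanity check that guards a panic. Other call sites that wrap a possibly-empty list head in `VIMPL_TO_VNODE()` are not visible in this diff and are worth a grep for the same pattern. The body of dounmount starts and continues outside both hunks, so whether `vp` is still used elsewhere in the function cannot be judged from here.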