Module Name:    src
Committed By:   ad
Date:           Mon Jun 15 18:44:10 UTC 2020

Modified Files:
        src/sys/kern: vfs_lookup.c

Log Message:
lookup_fastforward():

- If the root vnode of a mount is being reclaimed concurrent to a lookup,
  it's possible to become confounded and bail out of the loop with both
  foundobj=NULL and searchdir=NULL (causing a NULL pointer deref).  If that
  happens everything should be rolled back to the start for retry.  Problem
  found and debugged by hannken@.

- If the terminal node was !VDIR then searchdir was needlessly referenced.
  No functional impact.


To generate a diff of this commit:
cvs rdiff -u -r1.223 -r1.224 src/sys/kern/vfs_lookup.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/vfs_lookup.c
diff -u src/sys/kern/vfs_lookup.c:1.223 src/sys/kern/vfs_lookup.c:1.224
--- src/sys/kern/vfs_lookup.c:1.223	Thu Jun  4 03:12:26 2020
+++ src/sys/kern/vfs_lookup.c	Mon Jun 15 18:44:10 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: vfs_lookup.c,v 1.223 2020/06/04 03:12:26 riastradh Exp $	*/
+/*	$NetBSD: vfs_lookup.c,v 1.224 2020/06/15 18:44:10 ad Exp $	*/
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1993
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_lookup.c,v 1.223 2020/06/04 03:12:26 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_lookup.c,v 1.224 2020/06/15 18:44:10 ad Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_magiclinks.h"
@@ -1382,6 +1382,9 @@ lookup_fastforward(struct namei_state *s
 			if (error != 0) {
 				foundobj = NULL;
 				error = EOPNOTSUPP;
+			} else {
+				terminal = (foundobj->v_type != VLNK &&
+				    (cnp->cn_flags & ISLASTCN) != 0);
 			}
 			break;
 		}
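Review bot: The added else branch dereferences `foundobj->v_type` with no visible non-NULL check, so it assumes the mount-crossing call above (outside this hunk) always leaves foundobj pointing at a vnode when it reports success. Since the commit message says a concurrent reclaim on this path can leave vnode pointers NULL, I would state that invariant with `KASSERT(foundobj != NULL);` as the first line of the else branch. A short comment saying why terminal is set here, after the crossing rather than before it, would also help, since the reason is not evident from these lines. The enclosing block starts outside the hunk.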
@@ -1458,7 +1461,16 @@ lookup_fastforward(struct namei_state *s
 		 * fastforward to the beginning and let lookup_once() take
 		 * care of it.
 		 */
-		error2 = vcache_tryvget(searchdir);
+		if (searchdir == NULL) {
+			/*
+			 * It's possible for searchdir to be NULL in the
+			 * case of a root vnode being reclaimed while
+			 * trying to cross a mount.
+			 */
+			error2 = EOPNOTSUPP;
+		} else {
+			error2 = vcache_tryvget(searchdir);
+		}
 		KASSERT(plock != NULL);
 		rw_exit(plock);
 		if (__predict_true(error2 == 0)) {
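Review bot: The new `searchdir == NULL` branch still falls through to `KASSERT(plock != NULL); rw_exit(plock);`, so it relies on the namecache lock still being held when the loop exits after a failed mount crossing. That exit path is outside the hunk and is worth confirming, because KASSERT is compiled out of non-DIAGNOSTIC kernels and `rw_exit(NULL)` would then be another NULL dereference. The commit message describes this state as foundobj and searchdir both being NULL, so a `KASSERT(foundobj == NULL);` inside the new branch would check that nothing is left referenced before the rollback. The rollback branch for `error2 != 0` lies beyond the end of the hunk.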
