Date: Wed, 30 Aug 2006 20:29:44 GMT
From: Todd Miller <millert@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 105351 for review
Message-ID: <200608302029.k7UKTilK022646@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=105351

Change 105351 by millert@millert_g4tower on 2006/08/30 20:29:41

Fix error cleanup when trying to mount with an invalid label. There were two problems. One is a simple memory leak. The other is more complicated and described below:

When mounting a filesystem in non-update mode we need to decrement the reference count on error that we incremented earlier. However, at the point at which the MAC errors can occur we can't tell whether we need to do that cleanup or not w/o first checking the user flags and making sure devpath is non-NULL. As such it is simplest to just put the checks at the out3 label and use that as the goto target on error.

These checks were not needed in the vendor code since the only "goto out3" calls occur in a code path where the user flags and devpath have already been checked.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#2 (text+ko) ==== @@ -522,28 +522,29 @@ if ((uap->flags & MNT_UPDATE) != 0) { error = mac_check_mount_fs_relabel(kauth_cred_get(), mp); if (error != 0) - goto out1; + goto out3; } error = copyin(CAST_USER_ADDR_T(uap->mac_p), (caddr_t)&mac, sizeof(mac)); if (error != 0) - goto out1; + goto out3; if ((mac.m_buflen > MAC_MAX_LABEL_BUF_LEN) || (mac.m_buflen < 2)) { error = EINVAL; - goto out1; + goto out3; } MALLOC(labelstr, char *, mac.m_buflen, M_MACTEMP, M_WAITOK); error = copyinstr(CAST_USER_ADDR_T(mac.m_string), labelstr, mac.m_buflen, &ulen); if (error != 0) { FREE(labelstr, M_MACTEMP); - goto out1; + goto out3; + } + error = mac_internalize_mount_label(mp->mnt_mntlabel, labelstr); + if (error != 0) { + FREE(labelstr, M_MACTEMP); + goto out3; } - error = mac_internalize_mount_fs_label(mp->mnt_fslabel, labelstr); - if (error != 0) - goto out1; - FREE(labelstr, M_MACTEMP); } #endif /* 
@@ -575,13 +576,13 @@ error = VFS_ROOT(mp, &rvp, &context); if (error) { printf("%s() VFS_ROOT returned %d\n", __func__, error); - goto out2; + goto out3; } /* VFS_ROOT provides reference so needref = 0 */ error = vnode_label(mp, NULL, rvp, NULL, 0, &context); if (error) - goto out2; + goto out3; } #endif /* MAC */ @@ -650,7 +651,8 @@ return(error); out3: - vnode_rele(devvp); + if (devpath && ((uap->flags & MNT_UPDATE) == 0)) + vnode_rele(devvp); out2: if (devpath && devvp) vnode_put(devvp);
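
Review bot: In the @@ -522 hunk, the internalize call changes from mac_internalize_mount_fs_label(mp->mnt_fslabel, labelstr) to mac_internalize_mount_label(mp->mnt_mntlabel, labelstr), which changes which label the user-supplied string is applied to, yet the change description only mentions the leak and the reference-count cleanup. Please say in the description whether switching from the fs label to the mount label is intended, since it affects what the MAC policy later evaluates. Also confirm that labelstr is still freed on the success path after the internalize call, now that the error branch frees it separately.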
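
Review bot: In the @@ -575 hunk, the vnode_label() failure path jumps to out3 while rvp still holds the reference that, per the comment, VFS_ROOT provides, and nothing in the visible lines releases it. If the existing cleanup labels do not drop rvp, add a vnode_put(rvp) before the goto on that branch, or note in a comment where the reference is released.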
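
Review bot: In the @@ -650 hunk, the new guard at out3 tests devpath and the MNT_UPDATE flag but not devvp, while out2 directly below tests "devpath && devvp". Now that out3 is reachable from the MAC error paths as well as the vendor ones, the vnode_rele(devvp) is only safe if every "goto out3" in a non-update mount with a non-NULL devpath happens after the reference on devvp was taken. Consider adding devvp to the condition, or a short comment at out3 stating that invariant, so a later "goto out3" added earlier in the function does not release a reference that was never acquired.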