Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 21 May 2019 15:12:13 +0000 (UTC)
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r348052 - head/sys/kern
Message-ID:  <201905211512.x4LFCDEi046141@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: kib
Date: Tue May 21 15:12:13 2019
New Revision: 348052
URL: https://svnweb.freebsd.org/changeset/base/348052

Log:
  NDFREE(): Fix unlocking for LOCKPARENT|LOCKLEAF and ndp->ni_dvp == ndp->ni_vp.
  
  NDFREE() calculates unlock_dvp after ndp->ni_vp is unlocked and zeroed
  out. This makes the comparision of ni_dvp with ni_vp always fail.
  Move the calculation of unlock_dvp right after unlock_vp, so that the
  code sees correct ni_vp value.
  
  Reproduced by
  	   chdir("/usr");
  	   open("/..", O_BENEATH | O_RDONLY);
  
  Reported by:	syzkaller
  Reviewed by:	markj, mckusick
  Tested by:	pho
  Sponsored by:	The FreeBSD Foundation
  MFC after:	1 week
  Differential revision:	https://reviews.freebsd.org/D20304

Modified:
  head/sys/kern/vfs_lookup.c

Modified: head/sys/kern/vfs_lookup.c
==============================================================================
--- head/sys/kern/vfs_lookup.c	Tue May 21 13:29:53 2019	(r348051)
+++ head/sys/kern/vfs_lookup.c	Tue May 21 15:12:13 2019	(r348052)
@@ -1332,6 +1332,10 @@ NDFREE(struct nameidata *ndp, const u_int flags)
 	if (!(flags & NDF_NO_VP_UNLOCK) &&
 	    (ndp->ni_cnd.cn_flags & LOCKLEAF) && ndp->ni_vp)
 		unlock_vp = 1;
+	if (!(flags & NDF_NO_DVP_UNLOCK) &&
+	    (ndp->ni_cnd.cn_flags & LOCKPARENT) &&
+	    ndp->ni_dvp != ndp->ni_vp)
+		unlock_dvp = 1;
 	if (!(flags & NDF_NO_VP_RELE) && ndp->ni_vp) {
 		if (unlock_vp) {
 			vput(ndp->ni_vp);
@@ -1342,10 +1346,6 @@ NDFREE(struct nameidata *ndp, const u_int flags)
 	}
 	if (unlock_vp)
 		VOP_UNLOCK(ndp->ni_vp, 0);
-	if (!(flags & NDF_NO_DVP_UNLOCK) &&
-	    (ndp->ni_cnd.cn_flags & LOCKPARENT) &&
-	    ndp->ni_dvp != ndp->ni_vp)
-		unlock_dvp = 1;
 	if (!(flags & NDF_NO_DVP_RELE) &&
 	    (ndp->ni_cnd.cn_flags & (LOCKPARENT|WANTPARENT))) {
 		if (unlock_dvp) {

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201905211512.x4LFCDEi046141>