Date:      Wed, 29 Jun 2022 14:40:51 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 353aa91c6457 - stable/13 - mount: Fix an incorrect assertion in kernel_mount()
Message-ID:  <202206291440.25TEep5C031636@gitrepo.freebsd.org>

The branch stable/13 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=353aa91c6457ef125c466610754788009d81d4d3

commit 353aa91c6457ef125c466610754788009d81d4d3
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2022-06-14 15:36:00 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2022-06-29 14:12:33 +0000

    mount: Fix an incorrect assertion in kernel_mount()
    
    The pointer to the mount values may be null if an error occurred while
    copying them in, so fix the assertion condition to reflect that
    possibility.
    
    While here, move some initialization code into the error == 0 block.  No
    functional change intended.
    
    Reported by:    syzkaller
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit 7565431f30909e67b1fd811155eb8788421e51d9)
---
 sys/kern/vfs_mount.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c
index 4181502bdea8..fa567361ae85 100644
--- a/sys/kern/vfs_mount.c
+++ b/sys/kern/vfs_mount.c
@@ -2471,16 +2471,16 @@ kernel_mount(struct mntarg *ma, uint64_t flags)
 	int error;
 
 	KASSERT(ma != NULL, ("kernel_mount NULL ma"));
-	KASSERT(ma->v != NULL, ("kernel_mount NULL ma->v"));
+	KASSERT(ma->error != 0 || ma->v != NULL, ("kernel_mount NULL ma->v"));
 	KASSERT(!(ma->len & 1), ("kernel_mount odd ma->len (%d)", ma->len));
 
-	auio.uio_iov = ma->v;
-	auio.uio_iovcnt = ma->len;
-	auio.uio_segflg = UIO_SYSSPACE;
-
 	error = ma->error;
-	if (!error)
+	if (error == 0) {
+		auio.uio_iov = ma->v;
+		auio.uio_iovcnt = ma->len;
+		auio.uio_segflg = UIO_SYSSPACE;
 		error = vfs_donmount(curthread, flags, &auio);
+	}
 	free_mntarg(ma);
 	return (error);
 }
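
Review bot: The relaxed assertion on ma->v carries no comment saying why NULL is now acceptable. The reason (a failed copy-in of the mount values sets ma->error and can leave ma->v NULL) is recorded only in the commit message. A one-line comment above `KASSERT(ma->error != 0 || ma->v != NULL, ...)` would keep a later reader from tightening it back to the old form. The message string "kernel_mount NULL ma->v" could likewise say that it applies only when ma->error is 0. On the error path the function still evaluates `KASSERT(!(ma->len & 1), ...)` and then calls free_mntarg(ma) with ma->v possibly NULL, so it is worth confirming that ma->len is even and that free_mntarg() tolerates a NULL ma->v for a mntarg whose copy-in failed.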


