git: 628c3b307fb2 - main - cache: only let non-dir descriptors through when doing EMPTYPATH lookups
Date: Wed, 27 Oct 2021 18:28:18 UTC
The branch main has been updated by mjg:

URL: https://cgit.FreeBSD.org/src/commit/?id=628c3b307fb29e9812008b8a0b3ccb73e0f0ecfa

commit 628c3b307fb29e9812008b8a0b3ccb73e0f0ecfa
Author: Mateusz Guzik <mjg@FreeBSD.org>
AuthorDate: 2021-10-27 18:17:59 +0000
Commit: Mateusz Guzik <mjg@FreeBSD.org>
CommitDate: 2021-10-27 18:27:47 +0000

cache: only let non-dir descriptors through when doing EMPTYPATH lookups

Otherwise things like realpath against a file and '.' end up with an illegal state of having a regular vnode for the parent.

Reported by: syzbot+9aa5439dd9c708aeb1a8@syzkaller.appspotmail.com
---
 sys/kern/vfs_cache.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/sys/kern/vfs_cache.c b/sys/kern/vfs_cache.c
index 656f446b7394..99f7314822f0 100644
--- a/sys/kern/vfs_cache.c
+++ b/sys/kern/vfs_cache.c
@@ -4245,19 +4245,28 @@ cache_can_fplookup(struct cache_fpl *fpl)
 return (true);
 }
-static int
+static int __noinline
 cache_fplookup_dirfd(struct cache_fpl *fpl, struct vnode **vpp)
 {
 struct nameidata *ndp;
+ struct componentname *cnp;
 int error;
 bool fsearch;
 ndp = fpl->ndp;
+ cnp = fpl->cnp;
+
 error = fgetvp_lookup_smr(ndp->ni_dirfd, ndp, vpp, &fsearch);
 if (__predict_false(error != 0)) {
 return (cache_fpl_aborted(fpl));
 }
 fpl->fsearch = fsearch;
+ if ((*vpp)->v_type != VDIR) {
+ if (!((cnp->cn_flags & EMPTYPATH) != 0 && cnp->cn_pnbuf[0] == '\0')) {
+ cache_fpl_smr_exit(fpl);
+ return (cache_fpl_handled_error(fpl, ENOTDIR));
+ }
+ }
 return (0);
 }
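Review bot: The new non-directory check in cache_fplookup_dirfd is written as a negated conjunction nested inside a second `if`, which makes the one permitted case (EMPTYPATH with an empty path buffer) hard to pick out in a check that guards a kernel invariant. A single condition reads more directly: `if ((*vpp)->v_type != VDIR && ((cnp->cn_flags & EMPTYPATH) == 0 || cnp->cn_pnbuf[0] != '\0'))`, with the body unchanged. A short comment such as `/* Only an empty-path lookup may start from a non-directory; anything else would resolve components against a non-directory parent. */` would record why ENOTDIR is returned here. The added `__noinline` is not explained in the commit message, and a regression test for the reported case (realpath on a file descriptor with '.') is not part of this change.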