From nobody Sat Mar 05 19:56:52 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 0855519FF5CE; Sat, 5 Mar 2022 19:56:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4K9wTw3jQ5z3tFL; Sat, 5 Mar 2022 19:56:52 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1646510212; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vpeBZge6oOLqOEJlHSAAgKfYqLgOQG39ezKsXDT5jU4=; b=IbwsJz6gYWWhiY+z6IDkzsofd+hiM/gmPrGtrN4om6/D5rVs+yAxKagRtfxs/qru5na45R h/ec1cYiLJdTZ9MuF7Lq7DbWTsp+LAxwUGe1RCq26dSM7eTotaNKXzsEZ16KDio3lmxqT/ 6BU996lju2wd6NAq46aYMurg3iw/pW8wwKbLwKlGHeX86F/QeUi6LELOSgft5dQ4G8k3Od doZfvlf7L4qU7MZEBiBtEVDxcGgyojcmQsMQUIsdBCfXr/izhZ+5eFtAzseY6grC6n1T9H v3ZdHBEnAh+6uMF3qnqkmiefAfs/xA1gXhhxFqbtIubcdjgI2BJRb+NwxEwXhQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5B0FC265CC; Sat, 5 Mar 2022 19:56:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 225JuqdB018162; Sat, 5 Mar 2022 19:56:52 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 225Juq9C018161; Sat, 5 Mar 2022 19:56:52 GMT (envelope-from git) Date: Sat, 5 Mar 2022 19:56:52 GMT Message-Id: <202203051956.225Juq9C018161@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mateusz Guzik Subject: git: 54c0eac7c101 - stable/13 - cache: only let non-dir descriptors through when doing EMPTYPATH lookups List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mjg X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 54c0eac7c101c9927d581c12dcf2d6a2514d6aaf Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1646510212; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vpeBZge6oOLqOEJlHSAAgKfYqLgOQG39ezKsXDT5jU4=; b=x8AjUtz+4INH20o9IdzLI3NYe6tZp9Y4QzZUAGZDwiBxgt/lM9VWJlkE/q2gFX5fIZP0Wr Ns1qzXPuDsqBTR9te3a87K3ewnPu8jqYg0HYbeleKv+IVYJ7S10P2mEhblDSyr/Xew0zQM WpJ11dF9io5E0ktyGj8YNzVc2oWPPoHno89wyLf5k6QFhaqZdZrdIP5b7z7PK7vvf/WiuH /T016c+U2yM1u6YrCGocmJHytUuC9UQvemXCHDb17MjNVYzItDcUUxPA8cZhK09YwC/fMr D/Mwh/3KdmKhUErLP/yNpsl0M7oY5084VwiPuYMN0X/g/8OkMTANachdpDfkIQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1646510212; a=rsa-sha256; cv=none; b=j4arrS9LrV1te0nGXv23GMacfoeTse1TPEP+xU/FDootQ2GzZE2g8IsX8rBjiJ0+NgAP9w kUSRJn46ZUHNbQBUGTo6zfzTxfNaqfaLCkfYIFqwQDFO0ueZvEi6niMzY64+xphYodyUDh lnwSIXFy5r3+QoIO8I/GLsL7eqeGuFXe0eq8V2NYib0oOFioey+TKe24xCyPh30B7zVZua gTGJvBOellb01bhkAJS16ZPogZMzPd2XxfT4PhVIH8uFw2OL70j+C7MnWFaPIMXvSOS5OA cRdSEFt5MDOHKUqC3F8j5BT67eIqedoRdi6RH9luZ5woTZtW6MndDaRNXleRYw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by mjg: URL: https://cgit.FreeBSD.org/src/commit/?id=54c0eac7c101c9927d581c12dcf2d6a2514d6aaf commit 54c0eac7c101c9927d581c12dcf2d6a2514d6aaf Author: Mateusz Guzik AuthorDate: 2021-10-27 18:17:59 +0000 Commit: Mateusz Guzik CommitDate: 2022-03-05 19:52:57 +0000 cache: only let non-dir descriptors through when doing EMPTYPATH lookups Otherwise things like realpath against a file and '.' end up with an illegal state of having a regular vnode for the parent. Reported by: syzbot+9aa5439dd9c708aeb1a8@syzkaller.appspotmail.com (cherry picked from commit 628c3b307fb29e9812008b8a0b3ccb73e0f0ecfa) --- sys/kern/vfs_cache.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/sys/kern/vfs_cache.c b/sys/kern/vfs_cache.c index 14e148b2f839..bc85c96c045f 100644 --- a/sys/kern/vfs_cache.c +++ b/sys/kern/vfs_cache.c @@ -4242,19 +4242,28 @@ cache_can_fplookup(struct cache_fpl *fpl) return (true); } -static int +static int __noinline cache_fplookup_dirfd(struct cache_fpl *fpl, struct vnode **vpp) { struct nameidata *ndp; + struct componentname *cnp; int error; bool fsearch; ndp = fpl->ndp; + cnp = fpl->cnp; + error = fgetvp_lookup_smr(ndp->ni_dirfd, ndp, vpp, &fsearch); if (__predict_false(error != 0)) { return (cache_fpl_aborted(fpl)); } fpl->fsearch = fsearch; + if ((*vpp)->v_type != VDIR) { + if (!((cnp->cn_flags & EMPTYPATH) != 0 && cnp->cn_pnbuf[0] == '\0')) { + cache_fpl_smr_exit(fpl); + return (cache_fpl_handled_error(fpl, ENOTDIR)); + } + } return (0); }