From nobody Fri Mar 25 18:23:03 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id D6DF21A3F704; Fri, 25 Mar 2022 18:23:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KQ9SR5fdxz4VPd; Fri, 25 Mar 2022 18:23:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1648232583; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bRJrsszme9X+d/n3yUu0GLdMiweWOrvhcOeE+6/Rmdg=; b=x3yFF0a0EpJxcvnEYGTUgzQASB+6aa5utJZZ/baUPlf6trG9Zampl9fIi/R9PnRJilc+mT mf1PmgmhnHmi3cAfGwV5CcCWIGc018XxgXFyEnBgA+KD4i0iCRY8o4SvCw4dCJxZHmhL0G cd0MgaHJ/WW/3l8+qJcjIQq5XbpZCbOsRdyja6b16EEG+zQ5y4xcounfU63oqdQBGNutdl 3hhlBepaZdUs6BR69d7ziV/Li1sJUW7UNZyHJ/SxE/tx4LWMtowO8lnjCiyF3ZT3kmRNrp mhLWDqcus3xC5YMwGcZuNb81iXK4h7/BTVP02ZZlWczQgOc07J38bai6Cn2wgw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A257E11D9D; Fri, 25 Mar 2022 18:23:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 22PIN3at013190; Fri, 25 Mar 2022 18:23:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 22PIN3uY013189; Fri, 25 Mar 2022 18:23:03 GMT (envelope-from git) Date: Fri, 25 Mar 2022 18:23:03 GMT Message-Id: <202203251823.22PIN3uY013189@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mateusz Guzik Subject: git: 0f600883990e - main - vfs: set cn_namelen when handling degenerate lookups List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mjg X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0f600883990ea96d2026389cfe84ca6130f6d3aa Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1648232583; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bRJrsszme9X+d/n3yUu0GLdMiweWOrvhcOeE+6/Rmdg=; b=bivAlf45zYFbmU4cfSQwcdRzgC8J8WNarFRK01WhzOdqKxKltkpbDKeECsuYJqLewrKjlv 3HEerUC297woaaW6x4XBuUxxiemefAmxCVNGco3AOXb2y11OvkYAZpr7T55P5aW5i2hJnr 8G2EV0QspfEYTBYeRJSQ96OJhUARsTWvXh4XHHpl3CTtlJISCBLVGR5YoOewWLAmWE41qd O170ecpZuFGdALzpcCCi4zCDkhI1aCs9cexTiYz17mAzasxPy77zvgQoHOLojZgzBm32ry RMwOJDQxDmXkhtcMt8wpnc2fKIG85tlr5uYAMNIcd7xrLATG64dVnKbyStBGsg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1648232583; a=rsa-sha256; cv=none; b=phvg68Q6Xx+7Y7C/+5FKmAyucM1imluvrZLXkmeY9lJ+Ontu/hCG9/wcUp+iuWHcQSMa7E wEtqumd6qDFkQanGISas4Zb1Mgh1wBu+hb4L0eZDfhBQHVXO77PIvfgbBQ7abHjKs+vzg8 AzEAf+5qKnlyJAy+7EbejB27a0EWvbOCEm7YNv5MVb4p1vtp284oWTgUqDRlsZppgWS/n+ g1VECmtqZz4sJcFcrXRQsoKCoJJO4rVjcdI7NeugQIs9j9Czf2Rjd8SsDSO4fJlhZDDpai 8e/11I7JSrCwHtcPd8v1ds7GPFLkdbFuGmAh4O5ZYqOhFachevLlPI6QbfA3LQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by mjg: URL: https://cgit.FreeBSD.org/src/commit/?id=0f600883990ea96d2026389cfe84ca6130f6d3aa commit 0f600883990ea96d2026389cfe84ca6130f6d3aa Author: Mateusz Guzik AuthorDate: 2022-03-25 18:19:36 +0000 Commit: Mateusz Guzik CommitDate: 2022-03-25 18:19:36 +0000 vfs: set cn_namelen when handling degenerate lookups Turns out execve looks at it to store binary name, but in order to trigger the problem one has to be trying to exec '/'. As is the value would be left uninitialized (or rather set to -1 on debug kernels). Fixes: 56244d35741a62e7 ("vfs: hoist degenerate path lookups out of the loop") --- sys/kern/vfs_lookup.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c index 71173d189ef2..faef7b6cb254 100644 --- a/sys/kern/vfs_lookup.c +++ b/sys/kern/vfs_lookup.c @@ -853,6 +853,7 @@ vfs_lookup_degenerate(struct nameidata *ndp, struct vnode *dp, int wantparent) VREF(dp); } ndp->ni_vp = dp; + cnp->cn_namelen = 0; if (cnp->cn_flags & AUDITVNODE1) AUDIT_ARG_VNODE1(dp);