diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2016-05-22 20:27:05 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2016-05-22 20:27:05 +0000 |
| commit | d1e38bbbabbac77088f68016026dbda443fbdb18 (patch) | |
| tree | e4b9217151b94df7ffd5152cbbf7daeb66b0b4be /sys/ufs/ffs/ffs_vfsops.c | |
| parent | 68e756caae87974e5433b9670708d23acfd68155 (diff) | |
When pulling an msdos formated umass stick during mount while the
usb stack was busy, the kernel could trigger an uvm fault. There
is a race between vop_generic_revoke() and sys_mount() where vgonel()
could reset v_specinfo. Then v_specmountpoint is no longer valid.
So after sleeping, msdosfs_mountfs() could crash in the error path.
The code in the different *_mountfs() functions was inconsistent,
implement the same check everywhere.
OK krw@ natano@
Diffstat (limited to 'sys/ufs/ffs/ffs_vfsops.c')
| -rw-r--r-- | sys/ufs/ffs/ffs_vfsops.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/ufs/ffs/ffs_vfsops.c b/sys/ufs/ffs/ffs_vfsops.c index 6c14e51f593..1768b0c6412 100644 --- a/sys/ufs/ffs/ffs_vfsops.c +++ b/sys/ufs/ffs/ffs_vfsops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ffs_vfsops.c,v 1.156 2016/05/10 10:37:57 krw Exp $ */ +/* $OpenBSD: ffs_vfsops.c,v 1.157 2016/05/22 20:27:04 bluhm Exp $ */ /* $NetBSD: ffs_vfsops.c,v 1.19 1996/02/09 22:22:26 christos Exp $ */ /* @@ -943,7 +943,8 @@ ffs_mountfs(struct vnode *devvp, struct mount *mp, struct proc *p) } return (0); out: - devvp->v_specmountpoint = NULL; + if (devvp->v_specinfo) + devvp->v_specmountpoint = NULL; if (bp) brelse(bp); |