author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2016-05-22 20:27:05 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2016-05-22 20:27:05 +0000 |
commit | d1e38bbbabbac77088f68016026dbda443fbdb18 (patch) | |
tree | e4b9217151b94df7ffd5152cbbf7daeb66b0b4be /sys | |
parent | 68e756caae87974e5433b9670708d23acfd68155 (diff) |
When pulling an msdos formatted umass stick during mount while the
usb stack was busy, the kernel could trigger a uvm fault. There
is a race between vop_generic_revoke() and sys_mount() where vgonel()
could reset v_specinfo. Then v_specmountpoint is no longer valid.
So after sleeping, msdosfs_mountfs() could crash in the error path.
The code in the different *_mountfs() functions was inconsistent,
implement the same check everywhere.
OK krw@ natano@
Diffstat (limited to 'sys')
-rw-r--r-- | sys/isofs/cd9660/cd9660_vfsops.c | 4 | ||||
-rw-r--r-- | sys/isofs/udf/udf_vfsops.c | 4 | ||||
-rw-r--r-- | sys/msdosfs/msdosfs_vfsops.c | 5 | ||||
-rw-r--r-- | sys/ntfs/ntfs_vfsops.c | 5 | ||||
-rw-r--r-- | sys/ufs/ext2fs/ext2fs_vfsops.c | 4 | ||||
-rw-r--r-- | sys/ufs/ffs/ffs_vfsops.c | 5 |
6 files changed, 18 insertions, 9 deletions
diff --git a/sys/isofs/cd9660/cd9660_vfsops.c b/sys/isofs/cd9660/cd9660_vfsops.c
index 95dd7169123..2997ffbf4f9 100644
--- a/sys/isofs/cd9660/cd9660_vfsops.c
+++ b/sys/isofs/cd9660/cd9660_vfsops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cd9660_vfsops.c,v 1.78 2016/04/26 18:37:02 natano Exp $ */
+/* $OpenBSD: cd9660_vfsops.c,v 1.79 2016/05/22 20:27:04 bluhm Exp $ */
 /* $NetBSD: cd9660_vfsops.c,v 1.26 1997/06/13 15:38:58 pk Exp $ */
 /*-
@@ -446,6 +446,8 @@ iso_mountfs(devvp, mp, p, argp)
 return (0);
 out:
+ if (devvp->v_specinfo)
+ devvp->v_specmountpoint = NULL;
 if (bp)
 brelse(bp);
 if (supbp)
diff --git a/sys/isofs/udf/udf_vfsops.c b/sys/isofs/udf/udf_vfsops.c
index b56e53ff41c..c4e2524047b 100644
--- a/sys/isofs/udf/udf_vfsops.c
+++ b/sys/isofs/udf/udf_vfsops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udf_vfsops.c,v 1.50 2016/04/26 18:37:02 natano Exp $ */
+/* $OpenBSD: udf_vfsops.c,v 1.51 2016/05/22 20:27:04 bluhm Exp $ */
 /*
 * Copyright (c) 2001, 2002 Scott Long <scottl@freebsd.org>
@@ -449,6 +449,8 @@ bail:
 mp->mnt_data = NULL;
 mp->mnt_flag &= ~MNT_LOCAL;
 }
+ if (devvp->v_specinfo)
+ devvp->v_specmountpoint = NULL;
 if (bp != NULL)
 brelse(bp);
diff --git a/sys/msdosfs/msdosfs_vfsops.c b/sys/msdosfs/msdosfs_vfsops.c
index 1609246478d..01b90342d53 100644
--- a/sys/msdosfs/msdosfs_vfsops.c
+++ b/sys/msdosfs/msdosfs_vfsops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: msdosfs_vfsops.c,v 1.77 2016/04/26 18:37:03 natano Exp $ */
+/* $OpenBSD: msdosfs_vfsops.c,v 1.78 2016/05/22 20:27:04 bluhm Exp $ */
 /* $NetBSD: msdosfs_vfsops.c,v 1.48 1997/10/18 02:54:57 briggs Exp $ */
 /*-
@@ -583,7 +583,8 @@ msdosfs_mountfs(struct vnode *devvp, struct mount *mp, struct proc *p,
 return (0);
 error_exit:
- devvp->v_specmountpoint = NULL;
+ if (devvp->v_specinfo)
+ devvp->v_specmountpoint = NULL;
 if (bp)
 brelse(bp);
diff --git a/sys/ntfs/ntfs_vfsops.c b/sys/ntfs/ntfs_vfsops.c
index f78a99f4efd..fedc49d3983 100644
--- a/sys/ntfs/ntfs_vfsops.c
+++ b/sys/ntfs/ntfs_vfsops.c
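Review bot: The new guard at `out:` in iso_mountfs() carries no comment saying why `v_specinfo` can be NULL on the error path, and the same bare test is repeated in the udf, msdosfs, ntfs, ext2fs and ffs hunks. Going by the commit message, vgonel() can reset v_specinfo while the mount sleeps and v_specmountpoint is not valid after that, so I would put `/* device may have been revoked while we slept; v_specmountpoint is only valid while v_specinfo is set */` above the test in each place. The guard presumably also relies on nothing sleeping between the test and the store; if so, that is worth stating in the same comment so a later edit does not separate the two lines. The bodies of these functions start and end outside the hunks.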
@@ -1,4 +1,4 @@
-/* $OpenBSD: ntfs_vfsops.c,v 1.50 2016/04/26 18:37:03 natano Exp $ */
+/* $OpenBSD: ntfs_vfsops.c,v 1.51 2016/05/22 20:27:04 bluhm Exp $ */
 /* $NetBSD: ntfs_vfsops.c,v 1.7 2003/04/24 07:50:19 christos Exp $ */
 /*-
@@ -450,7 +450,8 @@ out1:
 DPRINTF("ntfs_mountfs: vflush failed\n");
 out:
- devvp->v_specmountpoint = NULL;
+ if (devvp->v_specinfo)
+ devvp->v_specmountpoint = NULL;
 if (bp)
 brelse(bp);
diff --git a/sys/ufs/ext2fs/ext2fs_vfsops.c b/sys/ufs/ext2fs/ext2fs_vfsops.c
index aa2ef069ac2..c518338b546 100644
--- a/sys/ufs/ext2fs/ext2fs_vfsops.c
+++ b/sys/ufs/ext2fs/ext2fs_vfsops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ext2fs_vfsops.c,v 1.90 2016/04/26 18:37:03 natano Exp $ */
+/* $OpenBSD: ext2fs_vfsops.c,v 1.91 2016/05/22 20:27:04 bluhm Exp $ */
 /* $NetBSD: ext2fs_vfsops.c,v 1.1 1997/06/11 09:34:07 bouyer Exp $ */
 /*
@@ -596,6 +596,8 @@ ext2fs_mountfs(struct vnode *devvp, struct mount *mp, struct proc *p)
 devvp->v_specmountpoint = mp;
 return (0);
 out:
+ if (devvp->v_specinfo)
+ devvp->v_specmountpoint = NULL;
 if (bp)
 brelse(bp);
 vn_lock(devvp, LK_EXCLUSIVE | LK_RETRY, p);
diff --git a/sys/ufs/ffs/ffs_vfsops.c b/sys/ufs/ffs/ffs_vfsops.c
index 6c14e51f593..1768b0c6412 100644
--- a/sys/ufs/ffs/ffs_vfsops.c
+++ b/sys/ufs/ffs/ffs_vfsops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ffs_vfsops.c,v 1.156 2016/05/10 10:37:57 krw Exp $ */
+/* $OpenBSD: ffs_vfsops.c,v 1.157 2016/05/22 20:27:04 bluhm Exp $ */
 /* $NetBSD: ffs_vfsops.c,v 1.19 1996/02/09 22:22:26 christos Exp $ */
 /*
@@ -943,7 +943,8 @@ ffs_mountfs(struct vnode *devvp, struct mount *mp, struct proc *p)
 }
 return (0);
 out:
- devvp->v_specmountpoint = NULL;
+ if (devvp->v_specinfo)
+ devvp->v_specmountpoint = NULL;
 if (bp)
 brelse(bp); |
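Review bot: In the ext2fs_mountfs() hunk the success path still stores through the same field without a guard: the context line `devvp->v_specmountpoint = mp;` just before `return (0);` is not covered by the new `v_specinfo` test, which only protects `out:`. If the revoke described in the commit message can land during a sleep earlier in the function, that store would go through the same invalid v_specinfo. I would test `devvp->v_specinfo == NULL` before that assignment and take the error path instead of completing a mount on a revoked device. The function body above the hunk is not visible, so the errno to return, and whether the other *_mountfs() success paths need the same check, are for the author to confirm.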