CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Jason A. Harmening <jah@FreeBSD.org>
	Sun, 26 Sep 2021 02:56:04 +0000 (19:56 -0700)
committer	Jason A. Harmening <jah@FreeBSD.org>
	Thu, 14 Oct 2021 02:25:31 +0000 (19:25 -0700)
commit	152c35ee4fdad39d30789fd01cd2fc723ba9568b
tree	7d6ad64fb6861150f78bb656e36f456d40aebd26	tree \| snapshot
parent	04c91ac48ad13ce0d1392cedbd69c2c0223d206f	commit \| diff

unionfs: Ensure SAVENAME is set for unionfs vnode operations

"rm-style" system calls such as kern_frmdirat() and kern_funlinkat()
don't supply SAVENAME to preserve the pathname buffer for subsequent
vnode ops. For unionfs this poses an issue because the pathname may
be needed for a relookup operation in unionfs_remove()/unionfs_rmdir().
Currently unionfs doesn't check for this case, leading to a panic on
DIAGNOSTIC kernels and use-after-free of cn_nameptr otherwise.

The unionfs node's stored buffer would suffice as a replacement for
cnp->cn_nameptr in some (but not all) cases, but it's cleaner to just
ensure that unionfs vnode ops always have a valid cn_nameptr by setting
SAVENAME in unionfs_lookup().

While here, do some light cleanup in unionfs_lookup() and assert that
HASBUF is always present in the relevant relookup calls.

Reported by: pho
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D32148

sys/fs/unionfs/union_subr.c		diff \| blob \| history
sys/fs/unionfs/union_vnops.c		diff \| blob \| history