Date: Wed, 30 Aug 2006 20:29:44 GMT
Message-Id: <200608302029.k7UKTilK022646@repoman.freebsd.org>
From: Todd Miller
To: Perforce Change Reviews
Subject: PERFORCE change 105351 for review
List-Id: p4 projects tree changes

http://perforce.freebsd.org/chv.cgi?CH=105351

Change 105351 by millert@millert_g4tower on 2006/08/30 20:29:41

	Fix error cleanup when trying to mount with an invalid label.
	There were two problems. One is a simple memory leak. The
	other is more complicated and described below:

	When mounting a filesystem in non-update mode we need to
	decrement the reference count on error that we incremented
	earlier. However, at the point at which the MAC errors can
	occur we can't tell whether we need to do that cleanup or
	not w/o first checking the user flags and making sure devpath
	is non-NULL. As such it is simplest to just put the checks
	at the out3 label and use that as the goto target on error.
	These checks were not needed in the vendor code since the
	only "goto out3" calls occur in a code path where the user
	flags and devpath have already been checked.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#2 (text+ko) ====
@@ -522,28 +522,29 @@ if ((uap->flags & MNT_UPDATE) != 0) { error = mac_check_mount_fs_relabel(kauth_cred_get(), mp); if (error != 0) - goto out1; + goto out3; } error = copyin(CAST_USER_ADDR_T(uap->mac_p), (caddr_t)&mac, sizeof(mac)); if (error != 0) - goto out1; + goto out3; if ((mac.m_buflen > MAC_MAX_LABEL_BUF_LEN) || (mac.m_buflen < 2)) { error = EINVAL; - goto out1; + goto out3; } MALLOC(labelstr, char *, mac.m_buflen, M_MACTEMP, M_WAITOK); error = copyinstr(CAST_USER_ADDR_T(mac.m_string), labelstr, mac.m_buflen, &ulen); if (error != 0) { FREE(labelstr, M_MACTEMP); - goto out1; + goto out3; + } + error = mac_internalize_mount_label(mp->mnt_mntlabel, labelstr); + if (error != 0) { + FREE(labelstr, M_MACTEMP); + goto out3; } - error = mac_internalize_mount_fs_label(mp->mnt_fslabel, labelstr); - if (error != 0) - goto out1; - FREE(labelstr, M_MACTEMP); } #endif /* @@ -575,13 +576,13 @@ error = VFS_ROOT(mp, &rvp, &context); if (error) { printf("%s() VFS_ROOT returned %d\n", __func__, error); - goto out2; + goto out3; } /* VFS_ROOT provides reference so needref = 0 */ error = vnode_label(mp, NULL, rvp, NULL, 0, &context); if (error) - goto out2; + goto out3; } #endif /* MAC */ @@ -650,7 +651,8 @@ return(error); out3: - vnode_rele(devvp); + if (devpath && ((uap->flags & MNT_UPDATE) == 0)) + vnode_rele(devvp); out2: if (devpath && devvp) vnode_put(devvp);
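
Review bot: In the first hunk (@@ -522,28 +522,29 @@), the success-path FREE(labelstr, M_MACTEMP) that used to follow the internalize call is removed together with the old error check, so in the visible lines nothing frees labelstr once mac_internalize_mount_label() returns 0. The new error branch frees it, but the enclosing block closes immediately afterwards. Unless labelstr is released later outside this hunk, keep a FREE after the error check, or free once right after the call and then test error so both paths share it. Separately, the call changes from mac_internalize_mount_fs_label(mp->mnt_fslabel, ...) to mac_internalize_mount_label(mp->mnt_mntlabel, ...), which the change description does not mention; a line there saying why the target label changed would help.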
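
Review bot: In the second hunk (@@ -575,13 +576,13 @@), the vnode_label() failure path now jumps to out3 after VFS_ROOT() has already returned a reference on rvp (the existing comment says "VFS_ROOT provides reference so needref = 0"), and the cleanup labels visible in this patch only deal with devvp. Please confirm rvp is released somewhere on that path; if it is not, drop it before the goto, otherwise a failed labeling leaves the root vnode referenced.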
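
Review bot: In the third hunk (@@ -650,7 +651,8 @@), the new guard at out3 tests devpath and MNT_UPDATE but not devvp, while out2 directly below tests "devpath && devvp" before touching the same vnode. With out3 now reachable from the MAC error paths, the release is only safe if every one of those goto sites runs after the reference on devvp was taken. Either add devvp to the condition so it matches out2, or add a comment at out3 stating that in non-update mode with devpath set the reference is always held by the time any "goto out3" can run.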