Date: Mon, 30 Aug 2004 02:35:20 -0700 From: Alfred Perlstein <alfred@freebsd.org> To: fs@freebsd.org Subject: prevent easy panics with invariants. Message-ID: <20040830093520.GL31434@elvis.mu.org>
next in thread | raw e-mail | index | archive | help
A patch like this (untested) is needed, otherwise a messup calling mount will panic the system way too easily. Basically, vfs_freeopt will ASSERT: KASSERT(opt->value == NULL && opt->len) But because we set opt->len before we set opt->value we blow up hard if there is an error in the nmount code path. Index: vfs_mount.c =================================================================== RCS file: /home/ncvs/src/sys/kern/vfs_mount.c,v retrieving revision 1.138 diff -u -r1.138 vfs_mount.c --- vfs_mount.c 30 Jul 2004 22:08:52 -0000 1.138 +++ vfs_mount.c 30 Aug 2004 09:32:09 -0000 @@ -274,7 +274,7 @@ optlen = auio->uio_iov[i + 1].iov_len; opt->name = malloc(namelen, M_MOUNT, M_WAITOK); opt->value = NULL; - opt->len = optlen; + opt->len = 0; /* * Do this early, so jumps to "bad" will free the current @@ -308,6 +308,7 @@ goto bad; } if (optlen != 0) { + opt->len = optlen; opt->value = malloc(optlen, M_MOUNT, M_WAITOK); if (auio->uio_segflg == UIO_SYSSPACE) { bcopy(auio->uio_iov[i + 1].iov_base, opt->value,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040830093520.GL31434>