Date:      Mon, 30 Aug 2004 02:35:20 -0700
From:      Alfred Perlstein <alfred@freebsd.org>
To:        fs@freebsd.org
Subject:   prevent easy panics with invariants.
Message-ID:  <20040830093520.GL31434@elvis.mu.org>

A patch like this (untested) is needed, otherwise a mess-up
calling mount will panic the system way too easily.

Basically, vfs_freeopt will ASSERT:
KASSERT(opt->value == NULL && opt->len)

But because we set opt->len before we set opt->value we blow up
hard if there is an error in the nmount code path.

Index: vfs_mount.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/vfs_mount.c,v
retrieving revision 1.138
diff -u -r1.138 vfs_mount.c
--- vfs_mount.c	30 Jul 2004 22:08:52 -0000	1.138
+++ vfs_mount.c	30 Aug 2004 09:32:09 -0000
@@ -274,7 +274,7 @@
 		optlen = auio->uio_iov[i + 1].iov_len;
 		opt->name = malloc(namelen, M_MOUNT, M_WAITOK);
 		opt->value = NULL;
-		opt->len = optlen;
+		opt->len = 0;
 
 		/*
 		 * Do this early, so jumps to "bad" will free the current
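Review bot: the new "opt->len = 0;" line needs a comment saying why the length is not taken from optlen at this point. optlen is still read three lines above, so a later cleanup could easily fold the assignment back in. A sentence next to the existing "Do this early" comment, along the lines of "len stays 0 until value is allocated, so a jump to bad frees a consistent option", would record the invariant that vfs_freeopt checks.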
@@ -308,6 +308,7 @@
 			goto bad;
 		}
 		if (optlen != 0) {
+			opt->len = optlen;
 			opt->value = malloc(optlen, M_MOUNT, M_WAITOK);
 			if (auio->uio_segflg == UIO_SYSSPACE) {
 				bcopy(auio->uio_iov[i + 1].iov_base, opt->value,
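Review bot: in the "if (optlen != 0)" block, "opt->len = optlen;" is assigned one line before "opt->value = malloc(...)", so for that one statement the option again has a nonzero length with a NULL value. Nothing in the visible lines jumps to "bad" in between, but moving the len assignment to just after the malloc line keeps the two fields consistent at every point and survives a later edit that adds an error exit there. The message marks the patch as untested, so the error exits after this point are worth running once with INVARIANTS enabled.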

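The ordering problem described in the message, modelled in user space as an added example (not code from the original post or from FreeBSD). The struct, the function names and the exact form of the invariant (a NULL value must have a zero length) are assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space stand-in for a mount option; field names follow the patch. */
struct opt_model {
	void	*value;
	size_t	 len;
};

/* Assumed invariant checked at free time: NULL value implies len == 0. */
static bool
opt_invariant_holds(const struct opt_model *opt)
{
	return (opt->value != NULL || opt->len == 0);
}

/*
 * Build one option and report what the free-time check would see.
 * fail_early models an error that jumps to "bad" before the value is
 * allocated; len_first selects the pre-patch ordering (len set up front).
 */
static bool
build_and_check(size_t optlen, bool fail_early, bool len_first)
{
	struct opt_model opt = { NULL, 0 };
	bool ok;

	opt.len = len_first ? optlen : 0;
	if (!fail_early && optlen != 0) {
		opt.len = optlen;
		opt.value = calloc(1, optlen);
		if (opt.value == NULL)	/* user-space only: keep fields consistent */
			opt.len = 0;
	}
	ok = opt_invariant_holds(&opt);
	free(opt.value);
	return (ok);
}

int
main(void)
{
	printf("pre-patch, error path:  %s\n",
	    build_and_check(16, true, true) ? "ok" : "invariant violated");
	printf("post-patch, error path: %s\n",
	    build_and_check(16, true, false) ? "ok" : "invariant violated");
	return (0);
}
```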