The branch stable/12 has been updated by kib:
URL:
https://cgit.FreeBSD.org/src/commit/?id=ecc571a858586e7b62cae3794c0f6250a91a483b
commit ecc571a858586e7b62cae3794c0f6250a91a483b
Author: Konstantin Belousov <k...@freebsd.org>
AuthorDate: 2021-04-01 17:42:14 +0000
Commit: Konstantin Belousov <k...@freebsd.org>
CommitDate: 2021-04-09 04:57:37 +0000
nullfs: protect against user creating inconsistent state
PR: 253593
(cherry picked from commit 76b1b5ce6d81f66b09be8a20aecd064b65fd6b50)
---
sys/fs/nullfs/null_vnops.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/sys/fs/nullfs/null_vnops.c b/sys/fs/nullfs/null_vnops.c
index b663d8d718d3..62351cd9d832 100644
--- a/sys/fs/nullfs/null_vnops.c
+++ b/sys/fs/nullfs/null_vnops.c
@@ -376,10 +376,21 @@ null_lookup(struct vop_lookup_args *ap)
*/
ldvp = NULLVPTOLOWERVP(dvp);
vp = lvp = NULL;
- KASSERT((ldvp->v_vflag & VV_ROOT) == 0 ||
- ((dvp->v_vflag & VV_ROOT) != 0 && (flags & ISDOTDOT) == 0),
- ("ldvp %p fl %#x dvp %p fl %#x flags %#x", ldvp, ldvp->v_vflag,
- dvp, dvp->v_vflag, flags));
+
+ /*
+ * Renames in the lower mounts might create an inconsistent
+ * configuration where lower vnode is moved out of the
+ * directory tree remounted by our null mount. Do not try to
+ * handle it fancy, just avoid VOP_LOOKUP() with DOTDOT name
+ * which cannot be handled by VOP, at least passing over lower
+ * root.
+ */
+ if ((ldvp->v_vflag & VV_ROOT) != 0 && (flags & ISDOTDOT) != 0) {
+ KASSERT((dvp->v_vflag & VV_ROOT) == 0,
+ ("ldvp %p fl %#x dvp %p fl %#x flags %#x",
+ ldvp, ldvp->v_vflag, dvp, dvp->v_vflag, flags));
+ return (ENOENT);
+ }
/*
* Hold ldvp. The reference on it, owned by dvp, is lost in
_______________________________________________
dev-commits-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all
To unsubscribe, send any mail to "dev-commits-src-all-unsubscr...@freebsd.org"
