CVS commit: src/sys/uvm

Tue, 20 Dec 2022 18:28:16 -0800 

Module Name:    src
Committed By:   chs
Date:           Wed Dec 21 02:28:06 UTC 2022

Modified Files:
        src/sys/uvm: uvm_swap.c

Log Message:
swap: disallow user opens of swap block device

the swap/drum block device was never intended to allow user opens,
but when the internal VOP_OPEN() in uvm_swap_init() was added
back in rev 1.135, the d_open method was changed from always-fail
to always-succeed in order to allow the new initial internal open.
this had the side effect of incorrectly allowing user opens too.
fix this by replacing the swap_bdevsw d_open with one that succeeds
for the first call but fails for all subsequent calls.

Reported-by: syzbot+90a23d2f19e5a0a30...@syzkaller.appspotmail.com


To generate a diff of this commit:
cvs rdiff -u -r1.206 -r1.207 src/sys/uvm/uvm_swap.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/uvm/uvm_swap.c
diff -u src/sys/uvm/uvm_swap.c:1.206 src/sys/uvm/uvm_swap.c:1.207
--- src/sys/uvm/uvm_swap.c:1.206	Mon Aug 23 13:08:18 2021
+++ src/sys/uvm/uvm_swap.c	Wed Dec 21 02:28:06 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: uvm_swap.c,v 1.206 2021/08/23 13:08:18 hannken Exp $	*/
+/*	$NetBSD: uvm_swap.c,v 1.207 2022/12/21 02:28:06 chs Exp $	*/
 
 /*
  * Copyright (c) 1995, 1996, 1997, 2009 Matthew R. Green
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uvm_swap.c,v 1.206 2021/08/23 13:08:18 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uvm_swap.c,v 1.207 2022/12/21 02:28:06 chs Exp $");
 
 #include "opt_uvmhist.h"
 #include "opt_compat_netbsd.h"
@@ -1190,6 +1190,22 @@ again:
  */
 
 /*
+ * swopen: allow the initial open from uvm_swap_init() and reject all others.
+ */
+
+static int
+swopen(dev_t dev, int flag, int mode, struct lwp *l)
+{
+	static bool inited = false;
+
+	if (!inited) {
+		inited = true;
+		return 0;
+	}
+	return ENODEV;
+}
+
+/*
  * swstrategy: perform I/O on the drum
  *
  * => we must map the i/o request from the drum to the correct swapdev.
@@ -1308,8 +1324,8 @@ swwrite(dev_t dev, struct uio *uio, int 
 }
 
 const struct bdevsw swap_bdevsw = {
-	.d_open = nullopen,
-	.d_close = nullclose,
+	.d_open = swopen,
+	.d_close = noclose,
 	.d_strategy = swstrategy,
 	.d_ioctl = noioctl,
 	.d_dump = nodump,

Reply via email to