msdosfs: drop DE_RENAME
AbandonedPublic
Actions

Authored by trasz on Jul 31 2021, 6:12 PM.

Details

Reviewers

Summary

Clearing the DE_RENAME flag, done near the end of msdosfs_rename(),
can result in overwriting freed memory: since fvp is not locked
at that point, ip might no longer be valid.

Instead of trying to invent a safe way of resetting the flag
(https://reviews.freebsd.org/D27337), drop it altogether.
The cases it's supposed to prevent from shouldn't break anything.

Note that this is relatively untested, as msdosfs_rename() is already
broken in a different way; see https://bugs.freebsd.org/257522.
I'm still interested in feedback, in particular about the approach.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 40779
Build 37668: arc lint + arc unit

Event Timeline

trasz created this revision.Jul 31 2021, 6:12 PM

Herald added a subscriber: imp. · View Herald TranscriptJul 31 2021, 6:12 PM

trasz requested review of this revision.Jul 31 2021, 6:12 PM

Harbormaster completed remote builds in B40779: Diff 93057.Jul 31 2021, 6:12 PM

trasz edited the summary of this revision. (Show Details)Jul 31 2021, 6:15 PM

What cases is it supposed to prevent?

In D31366#706899, @imp wrote:

What cases is it supposed to prevent?

It all started with NetApp discovering that this line:

ip->de_flag &= ~DE_RENAME

... can result in overwriting freed memory, if the vnode the ip is attached to gets reclaimed. Then kib@ noticed that the fix was still racy, but more importantly, the DE_RENAME flag doesn't seem to be useful anyway: it protects from a case which shouldn't break anything, except for the calls to panic(9) when the code detects the situation.

I started the proper fix for msdosfs_rename(). It will take a while before I have a patch that can be even tested.

trasz mentioned this in D27337: Fix use after free in msdosfs_rename().Aug 8 2021, 1:49 PM

Obsoleted by https://reviews.freebsd.org/D31464.