Page MenuHomeFreeBSD
Differential D52386

vfs: Avoid null dereference
Needs ReviewPublic
Actions

Authored by des on Sep 4 2025, 5:56 PM.
Tags
None
Referenced Files
F132907828: D52386.id.diff
Tue, Oct 21, 2:04 AM
F132907827: D52386.id161537.diff
Tue, Oct 21, 2:04 AM
F132868380: D52386.diff
Mon, Oct 20, 4:26 PM
Unknown Object (File)
Fri, Oct 3, 2:51 AM
Unknown Object (File)
Sat, Sep 27, 1:24 AM
Unknown Object (File)
Thu, Sep 25, 8:41 PM
Unknown Object (File)
Mon, Sep 22, 3:23 PM
Unknown Object (File)
Sun, Sep 21, 3:33 PM
View All 17 Files
Subscribers
asomers
imp

Details

Reviewers
kib
markj
Summary

In VOP_READDIR(), ap->a_eofflag may be null. Check that it isn't
before dereferencing it.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 66821
Build 63704: arc lint + arc unit

Event Timeline

des created this revision.Sep 4 2025, 5:56 PM
Herald added subscribers: asomers, imp. · View Herald TranscriptSep 4 2025, 5:56 PM
des requested review of this revision.Sep 4 2025, 5:56 PM
Harbormaster completed remote builds in B66821: Diff 161537.Sep 4 2025, 5:56 PM
markj added a comment.Sep 4 2025, 8:26 PM

Why not fix up the one VOP_READDIR caller which doesn't pass an eof pointer?

des added a comment.Sep 4 2025, 11:02 PM
In D52386#1196251, @markj wrote:

Why not fix up the one VOP_READDIR caller which doesn't pass an eof pointer?

Because eofflag is documented to be optional and nullable, there may be third-party code that expects that to be the case, and removing the existing null checks would be more work than adding the handful that were missing.

kib added a comment.EditedSep 4 2025, 11:16 PM
In D52386#1196301, @des wrote:
In D52386#1196251, @markj wrote:

Why not fix up the one VOP_READDIR caller which doesn't pass an eof pointer?

Because eofflag is documented to be optional and nullable, there may be third-party code that expects that to be the case, and removing the existing null checks would be more work than adding the handful that were missing.

Where is it documented, in VOP_READDIR.9? Then change the documentation as well.

We do not maintain neither KBI nor KPI compatibility for VFS (or VM), so this change should be even mergeable to stable branches.

markj added a comment.Sep 5 2025, 1:14 PM
In D52386#1196305, @kib wrote:
In D52386#1196301, @des wrote:
In D52386#1196251, @markj wrote:

Why not fix up the one VOP_READDIR caller which doesn't pass an eof pointer?

Because eofflag is documented to be optional and nullable, there may be third-party code that expects that to be the case, and removing the existing null checks would be more work than adding the handful that were missing.

Where is it documented, in VOP_READDIR.9? Then change the documentation as well.

We do not maintain neither KBI nor KPI compatibility for VFS (or VM), so this change should be even mergeable to stable branches.

I agree, it is better to make the interface simpler even if it's a bit more work. Third-party code can easily adapt to the new semantics.

Revision Contents
Changeset List

PathSize
sys/
fs/
cd9660/
3 lines
fuse/
4 lines
udf/
3 lines
ufs/
ufs/
5 lines

Diff 161537

View Options

sys/fs/cd9660/cd9660_vnops.c

Loading...
View Options

sys/fs/fuse/fuse_vnops.c

Loading...
View Options

sys/fs/udf/udf_vnops.c

Loading...
View Options

sys/ufs/ufs/ufs_vnops.c

Loading...