Page MenuHomeFreeBSD
Differential D57453

Avoid infinite loop in renameat(2)
ClosedPublic
Actions

Authored by kib on Thu, Jun 4, 8:03 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Jun 13, 2:18 PM
Unknown Object (File)
Sat, Jun 13, 1:12 PM
Unknown Object (File)
Sat, Jun 13, 10:53 AM
Unknown Object (File)
Sat, Jun 13, 5:31 AM
Unknown Object (File)
Sat, Jun 13, 1:37 AM
Unknown Object (File)
Sat, Jun 13, 1:33 AM
Unknown Object (File)
Wed, Jun 10, 2:19 PM
Unknown Object (File)
Wed, Jun 10, 1:37 PM
View All 13 Files
Subscribers
des
imp
olce
pho

Details

Reviewers
jah
markj
Commits
rGd53633bfcf24: rename(2): do not allow to rename root vnode of the mounted filesystem
rG5d0ebfe1d978: renameat(2): when retrying, check for pending signals
Summary
rename(2): do not allow to rename root vnode of the mounted filesystem

Check for tdvp being vp_crossmp.  This cannot happen for the normal
rename cases, but could if the target path specified by the syscall
points to the nullfs mount over the regular file.  In this case namei()
cannot step over crossmp, and keep it in ni_dvp.

Since crossmp VOP_GETWRITEMOUNT() returns NULL mp, we retry the locking
dance since the belief is that NULL return is transient.

PR:     295826


renameat(2): when retrying, check for pending signals

The vn_start_write() call there is already interruptible.  Check for
user signals before restarting due to ERELOOKUP, or after failed
vn_start_write().  Note that vn_start_write(V_XSLEEP | V_PCATCH)
does not check for signals if not sleeping.

PR:     295826

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kib created this revision.Thu, Jun 4, 8:03 PM
Herald added subscribers: olce, imp. · View Herald TranscriptThu, Jun 4, 8:03 PM
kib requested review of this revision.Thu, Jun 4, 8:03 PM
kib updated this revision to Diff 179235.Thu, Jun 4, 9:11 PM
kib edited the summary of this revision. (Show Details)

Also check for pending signals after vn_start_write()

kib added a comment.Fri, Jun 5, 9:44 PM

Tested by: pho

markj added inline comments.Fri, Jun 5, 11:03 PM
sys/kern/vfs_syscalls.c
3862

Don't you need to call vn_finished_write(mp) before returning?

kib updated this revision to Diff 179317.Fri, Jun 5, 11:15 PM
kib marked an inline comment as done.

Do not leak mnt_writecount.

markj accepted this revision.Fri, Jun 5, 11:19 PM
markj added inline comments.
sys/kern/vfs_syscalls.c
3867

Or maybe the check should come before vn_start_write()?

This revision is now accepted and ready to land.Fri, Jun 5, 11:19 PM
kib updated this revision to Diff 179320.Fri, Jun 5, 11:39 PM
kib marked an inline comment as done.

Check for signals before taking the write ref.

This revision now requires review to proceed.Fri, Jun 5, 11:39 PM
markj accepted this revision.Sat, Jun 6, 1:28 AM
This revision is now accepted and ready to land.Sat, Jun 6, 1:28 AM
Closed by commit rG5d0ebfe1d978: renameat(2): when retrying, check for pending signals (authored by kib). · Explain WhySat, Jun 6, 3:29 AM
This revision was automatically updated to reflect the committed changes.
kib added a commit: rG5d0ebfe1d978: renameat(2): when retrying, check for pending signals.
kib added a commit: rGd53633bfcf24: rename(2): do not allow to rename root vnode of the mounted filesystem.

Revision Contents
Changeset List

PathSize
sys/
kern/
10 lines

Diff 179331

View Options

sys/kern/vfs_syscalls.c

Loading...