HomeFreeBSD
Diffusion FreeBSD src repository abe95116ba10

unionfs: rework pathname handling
abe95116ba10
Actions

Description

unionfs: rework pathname handling

Running stress2 unionfs tests reliably produces a namei_zone corruption
panic due to unionfs_relookup() attempting to NUL-terminate a newly-
allocate pathname buffer without first validating the buffer length.

Instead, avoid allocating new pathname buffers in unionfs entirely,
using already-provided buffers while ensuring the the correct flags
are set in struct componentname to prevent freeing or manipulation
of those buffers at lower layers.

While here, also compute and store the path length once in the unionfs
node instead of constantly invoking strlen() on it.

Reviewed by: kib, markj
Differential Revision: https://reviews.freebsd.org/D31728

Details

Provenance
jahAuthored on Aug 29 2021, 9:36 PM
Reviewer
kib
Differential Revision
D31728: unionfs: rework pathname handling
Parents
rGc98bf2a45e05: sctp: Always check for a vanishing inpcb when processing COOKIE-ECHO
Branches
Unknown
Tags
Unknown

Changes (3)

PathSize
sys/
fs/
unionfs/

rGabe95116ba10

View Options

sys/fs/unionfs/union.h

Loading...
View Options

sys/fs/unionfs/union_subr.c

Loading...
View Options

sys/fs/unionfs/union_vnops.c

Loading...