Diffusion FreeBSD src repository 51b8ffb95c4f

fdesc_allocvp(): fix potential use after free
51b8ffb95c4f
Actions

Description

fdesc_allocvp(): fix potential use after free

Just owning the interlock is not enough for vget() to operate on the
vnode race-free with vgone(), the vnode should be held. Use
vget_prep()/vget_finish() to avoid vholding the vnode explicitly, and
drop LK_INTERLOCK.

Reviewed by: markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D39207

Details

Provenance

kib	Authored on Mar 21 2023, 9:24 PM

Reviewer

markj

Differential Revision

D39207: Some fdescfs fixes

Parents

rGfa3ea81b77e4: fdescfs: remove useless XXX comment, unwrap line

Branches

Unknown

Tags

Unknown

Event Timeline

kib committed rG51b8ffb95c4f: fdesc_allocvp(): fix potential use after free (authored by kib).Mar 24 2023, 5:46 PM

kib added an edge: D39207: Some fdescfs fixes.

kib mentioned this in rG35b68d0ac4d3: fdesc_allocvp(): fix potential use after free.Mar 31 2023, 12:59 AM

Changes (1)

Path

Size

sys/

fs/

fdescfs/

fdesc_vnops.c

rG51b8ffb95c4f

View Options

sys/fs/fdescfs/fdesc_vnops.c