Subject: kern/5271: access(2) call on union filesystems may cause kernel fault.
To: None <gnats-bugs@gnats.netbsd.org>
From: MINOURA Makoto <minoura@kw.netlaputa.ne.jp>
List: netbsd-bugs
Date: 04/09/1998 22:56:07
>Number: 5271
>Category: kern
>Synopsis: access(2) call on union filesystems may cause kernel fault.
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Apr 9 07:05:00 1998
>Last-Modified:
>Originator: MINOURA Makoto
>Organization:
MINOURA, Makoto <minoura@kw.netlaputa.ne.jp> or <minoura@kyogoku.com>
Nakahara-ku Kawasaki-Shi, JAPAN
>Release: NetBSD-current supped at Apr. 8 16:18
>Environment:
System: NetBSD daisy 1.3E NetBSD 1.3E (DAISY) #48: Sat Apr 4 13:59:12 JST 1998 root@daisy:/usr/src/sys/arch/i386/compile/DAISY i386
>Description:
union_access() might refer to a stray pointer.
|| struct union_mount *um = MOUNTTOUNIONMOUNT(vp->v_mount);
(union_vnops.c line 727)
Here, the vnode *vp does not always represent a file on a
union filesystem.
>How-To-Repeat:
(assuming the fileserver holds the NetBSD source tree, and
the local host does not have /usr/obj/sys/arch/i386/config/GENERIC,)
# mount -t nfs fileserver:/usr/src /usr/src
# mount -t union /usr/obj /usr/src
# test -r /sys/arch/i386/config/GENERIC
panic: kernel fault
>Fix:
*** /export/NetBSD-current/src/sys/miscfs/union/union_vnops.c Tue Mar 17 21:10:57 1998
--- /sys/miscfs/union/union_vnops.c Thu Apr 9 22:46:34 1998
***************
*** 712,717 ****
--- 712,718 ----
struct union_node *un = VTOUNION(ap->a_vp);
int error = EACCES;
struct vnode *vp;
+ struct union_mount *um = MOUNTTOUNIONMOUNT(ap->a_vp->v_mount);
if ((vp = un->un_uppervp) != NULLVP) {
FIXUP(un);
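Review bot: the new `um` initialiser on the added line is only correct because it runs before `ap->a_vp = vp;` in the second hunk overwrites ap->a_vp, and nothing at the declaration says so. Add a one-line comment there stating that the union mount must be taken from the original ap->a_vp, because vp may belong to a different filesystem, so the ordering is not undone by a later cleanup.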
***************
*** 724,730 ****
ap->a_vp = vp;
error = VCALL(vp, VOFFSET(vop_access), ap);
if (error == 0) {
- struct union_mount *um = MOUNTTOUNIONMOUNT(vp->v_mount);
if (um->um_op == UNMNT_BELOW) {
ap->a_cred = um->um_cred;
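Review bot: in the `if (error == 0)` block, `um->um_op` now silently depends on the function-scope `um` from the first hunk, while `vp` at this point is the vnode just passed to VCALL and, per the description, need not be on a union filesystem. Nothing prevents a later edit from re-deriving the mount from vp or from the already overwritten ap->a_vp; consider keeping the original vnode in a local before `ap->a_vp = vp;`, or asserting where um is computed that the mount really is a union mount. The same MOUNTTOUNIONMOUNT(vp->v_mount) pattern is worth checking for elsewhere in union_vnops.c.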
>Audit-Trail:
>Unformatted:
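
A user-space C model of the bug described above, added here as an illustration and not code from this report or from NetBSD. The struct layouts, the fs_type tag, the shape of the macro and the helpers union_mount_of(), um_op_via() and run_model() are assumptions made for the model; the check reports the mismatch instead of dereferencing the stray pointer.

```c
/* User-space model; simplified stand-in types, not the NetBSD definitions. */
#include <stdio.h>

enum fs_type { FS_UNION, FS_NFS };        /* constructed tag for this model */
enum { UNMNT_BELOW = 2 };                 /* model value */

struct mount { enum fs_type type; void *mnt_data; };
struct vnode { struct mount *v_mount; };
struct union_mount { int um_op; };
struct nfs_mount { char nm_host[16]; };   /* unrelated layout behind mnt_data */

/* Modeled as an unchecked cast of per-mount private data (assumption). */
#define MOUNTTOUNIONMOUNT(mp) ((struct union_mount *)((mp)->mnt_data))

/* Hypothetical checked helper: NULL when vp is not on a union mount. */
static struct union_mount *union_mount_of(struct vnode *vp)
{
    if (vp->v_mount->type != FS_UNION)
        return NULL;
    return MOUNTTOUNIONMOUNT(vp->v_mount);
}

/* Returns um_op, or -1 where the unchecked macro would have produced a
 * pointer into some other filesystem's private data. */
static int um_op_via(struct vnode *vp)
{
    struct union_mount *um = union_mount_of(vp);
    return um ? um->um_op : -1;
}

/* Constructed layout from How-To-Repeat: a union mount over an NFS layer.
 * patched == 0 looks the mount up through the layer vnode (old line 727),
 * patched == 1 through the union vnode, as the fix does. */
static int run_model(int patched)
{
    struct nfs_mount nm = { "fileserver" };
    struct union_mount um = { UNMNT_BELOW };
    struct mount nfs_mp = { FS_NFS, &nm }, union_mp = { FS_UNION, &um };
    struct vnode layer_vp = { &nfs_mp }, union_vp = { &union_mp };
    return um_op_via(patched ? &union_vp : &layer_vp);
}

int main(void)
{
    printf("pre-patch: %d  patched: %d\n", run_model(0), run_model(1));
    return 0;
}
```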