Source-Changes-HG archive


[src/netbsd-6-0]: src Pull up following revision(s) (requested by maxv in tic...



details:   https://anonhg.NetBSD.org/src/rev/25714aab9d27
branches:  netbsd-6-0
changeset: 774936:25714aab9d27
user:      bouyer <bouyer%NetBSD.org@localhost>
date:      Mon Apr 21 10:15:36 2014 +0000

description:
Pull up following revision(s) (requested by maxv in ticket #1050):
        sys/ufs/chfs/chfs_vfsops.c: revision 1.11
        sys/fs/unionfs/unionfs_vfsops.c: revision 1.13
        sys/fs/nilfs/nilfs_vfsops.c: revision 1.16
        sys/ufs/mfs/mfs_vfsops.c: revision 1.107
        sys/fs/sysvbfs/sysvbfs_vfsops.c: revision 1.43
        sys/ufs/ffs/ffs_vfsops.c: revision 1.297
        sys/kern/vfs_syscalls.c: revision 1.478
        sys/kern/vfs_syscalls.c: revision 1.479
        sys/fs/puffs/puffs_vfsops.c: revision 1.110
        sys/fs/cd9660/cd9660_vfsops.c: revision 1.84
        sys/nfs/nfs_vfsops.c: revision 1.227
        sys/fs/v7fs/v7fs_vfsops.c: revision 1.10
        sys/ufs/ext2fs/ext2fs_vfsops.c: revision 1.180
        sys/miscfs/umapfs/umap_vfsops.c: revision 1.92
        sys/fs/filecorefs/filecore_vfsops.c: revision 1.76
        sys/miscfs/nullfs/null_vfsops.c: revision 1.88
        sys/fs/ptyfs/ptyfs_vfsops.c: revision 1.50
        sys/coda/coda_vfsops.c: revision 1.81
        sys/ufs/lfs/lfs_vfsops.c: revision 1.321
        sys/fs/tmpfs/tmpfs_vfsops.c: revision 1.59
        sys/fs/hfs/hfs_vfsops.c: revision 1.31
        sys/miscfs/overlay/overlay_vfsops.c: revision 1.61
        sys/fs/union/union_vfsops.c: revision 1.72
        sys/fs/ntfs/ntfs_vfsops.c: revision 1.94
        sys/kern/vfs_syscalls.c: revision 1.480
        sys/fs/efs/efs_vfsops.c: revision 1.25
        sys/kern/vfs_syscalls.c: revision 1.482
        sys/fs/msdosfs/msdosfs_vfsops.c: revision 1.107
        external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c: revision 1.12
        sys/miscfs/procfs/procfs_vfsops.c: revision 1.91
        sys/fs/smbfs/smbfs_vfsops.c: revision 1.100
        sys/fs/adosfs/advfsops.c: revision 1.70
        sys/fs/udf/udf_vfsops.c: revision 1.67
Limit check for 'data_len'. Otherwise a (un)privileged user can easily
panic the system by passing a huge size.
ok christos@
An (un)privileged user can easily make the kernel dereference a NULL
pointer.
The kernel allows 'data' to be NULL; it's the fs's responsibility to
ensure that it isn't NULL (if the fs actually needs data).
ok christos@
Some fs's - like kernfs - set their vfs_min_mount_data to zero. Add a check
to prevent an (un)privileged user from requesting a zero-sized allocation
(and thus a panic).
This thing is totally buggy: 'data_len' is modified by the fs, so calling
kmem_free with it while its value has changed since the kmem_alloc is far
from being a good idea.
If the kernel figures out that something mismatches, it will panic
(typically with kernfs).

diffstat:

 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c |   3 ++
 sys/coda/coda_vfsops.c                                  |   6 ++-
 sys/fs/adosfs/advfsops.c                                |   6 ++-
 sys/fs/cd9660/cd9660_vfsops.c                           |   6 ++-
 sys/fs/efs/efs_vfsops.c                                 |   6 ++-
 sys/fs/filecorefs/filecore_vfsops.c                     |   6 ++-
 sys/fs/hfs/hfs_vfsops.c                                 |   6 ++-
 sys/fs/msdosfs/msdosfs_vfsops.c                         |   6 ++-
 sys/fs/nilfs/nilfs_vfsops.c                             |   6 ++-
 sys/fs/ntfs/ntfs_vfsops.c                               |   6 ++-
 sys/fs/ptyfs/ptyfs_vfsops.c                             |   6 ++-
 sys/fs/puffs/puffs_vfsops.c                             |  12 ++-----
 sys/fs/smbfs/smbfs_vfsops.c                             |   6 ++-
 sys/fs/sysvbfs/sysvbfs_vfsops.c                         |   6 ++-
 sys/fs/tmpfs/tmpfs_vfsops.c                             |   7 +++-
 sys/fs/udf/udf_vfsops.c                                 |   6 ++-
 sys/fs/union/union_vfsops.c                             |   6 ++-
 sys/fs/unionfs/unionfs_vfsops.c                         |   2 +
 sys/fs/v7fs/v7fs_vfsops.c                               |   6 ++-
 sys/kern/vfs_syscalls.c                                 |  23 +++++++++++-----
 sys/miscfs/nullfs/null_vfsops.c                         |   6 ++-
 sys/miscfs/overlay/overlay_vfsops.c                     |   6 ++-
 sys/miscfs/procfs/procfs_vfsops.c                       |   7 +++-
 sys/miscfs/umapfs/umap_vfsops.c                         |   6 ++-
 sys/nfs/nfs_vfsops.c                                    |   6 ++-
 sys/ufs/chfs/chfs_vfsops.c                              |   4 ++-
 sys/ufs/ext2fs/ext2fs_vfsops.c                          |   6 ++-
 sys/ufs/ffs/ffs_vfsops.c                                |   6 ++-
 sys/ufs/lfs/lfs_vfsops.c                                |   6 ++-
 sys/ufs/mfs/mfs_vfsops.c                                |   6 ++-
 30 files changed, 129 insertions(+), 67 deletions(-)

diffs (truncated from 829 to 300 lines):

diff -r e5812a6481df -r 25714aab9d27 external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c
--- a/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c   Mon Apr 21 10:00:35 2014 +0000
+++ b/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_vfsops.c   Mon Apr 21 10:15:36 2014 +0000
@@ -1624,6 +1624,9 @@
        if (mvp->v_type != VDIR)
                return (ENOTDIR);
 
+       if (uap == NULL)
+               return (EINVAL);
+
        mutex_enter(mvp->v_interlock);
        if ((uap->flags & MS_REMOUNT) == 0 &&
            (uap->flags & MS_OVERLAY) == 0 &&
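
Review bot: the `uap == NULL` test is the only thing keeping the `uap->flags` reads just below from faulting, yet nothing in the hunk says why `uap` can be NULL; a one-line comment noting that the kernel allows mount data to be NULL would keep the check from being removed later as dead code. Because it sits after the `mvp->v_type != VDIR` test, a NULL argument on a non-directory mount point returns ENOTDIR rather than EINVAL, which is harmless. Placement before `mutex_enter(mvp->v_interlock)` is right: the early return leaves no lock held.
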
diff -r e5812a6481df -r 25714aab9d27 sys/coda/coda_vfsops.c
--- a/sys/coda/coda_vfsops.c    Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/coda/coda_vfsops.c    Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: coda_vfsops.c,v 1.70 2011/09/27 00:54:47 christos Exp $        */
+/*     $NetBSD: coda_vfsops.c,v 1.70.12.1 2014/04/21 10:15:37 bouyer Exp $     */
 
 /*
  *
@@ -45,7 +45,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: coda_vfsops.c,v 1.70 2011/09/27 00:54:47 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: coda_vfsops.c,v 1.70.12.1 2014/04/21 10:15:37 bouyer Exp $");
 
 #ifndef _KERNEL_OPT
 #define        NVCODA 4
@@ -185,6 +185,8 @@
     CodaFid ctlfid = CTL_FID;
     int error;
 
+    if (data == NULL)
+       return EINVAL;
     if (vfsp->mnt_flag & MNT_GETARGS)
        return EINVAL;
     ENTRY;
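
Review bot: only the pointer is validated in this hunk; unlike the adosfs, cd9660 and similar hunks in this changeset, which follow the NULL test with `*data_len < sizeof *args`, the visible lines here have no length check on `data`, so it is worth confirming that the code after `ENTRY;` never reads more than the caller supplied. The new test also returns before `ENTRY;`, as the existing `MNT_GETARGS` test does, so rejected calls never reach that macro. If that is intended, a short comment saying so would help.
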
diff -r e5812a6481df -r 25714aab9d27 sys/fs/adosfs/advfsops.c
--- a/sys/fs/adosfs/advfsops.c  Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/adosfs/advfsops.c  Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: advfsops.c,v 1.63 2011/11/14 18:35:12 hannken Exp $    */
+/*     $NetBSD: advfsops.c,v 1.63.10.1 2014/04/21 10:15:38 bouyer Exp $        */
 
 /*
  * Copyright (c) 1994 Christian E. Hopps
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: advfsops.c,v 1.63 2011/11/14 18:35:12 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: advfsops.c,v 1.63.10.1 2014/04/21 10:15:38 bouyer Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_compat_netbsd.h"
@@ -91,6 +91,8 @@
        int error;
        mode_t accessmode;
 
+       if (args == NULL)
+               return EINVAL;
        if (*data_len < sizeof *args)
                return EINVAL;
 
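
Review bot: the added test is on `args`, not on `data`, so it protects the function only if `args` was initialised from `data` in the declarations above this hunk (the ntfs hunk shows that form, `struct ntfs_args *args = data;`); the declaration is outside the visible context here and should be checked. Both tests return EINVAL, so they could be folded into `if (args == NULL || *data_len < sizeof *args)`. The ordering is safe either way, since `sizeof *args` does not evaluate its operand. The same two-line pattern is repeated in the cd9660, efs, filecorefs, hfs, msdosfs, nilfs and ntfs hunks, so whichever form is chosen should be applied uniformly.
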
diff -r e5812a6481df -r 25714aab9d27 sys/fs/cd9660/cd9660_vfsops.c
--- a/sys/fs/cd9660/cd9660_vfsops.c     Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/cd9660/cd9660_vfsops.c     Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cd9660_vfsops.c,v 1.74 2011/11/14 18:35:12 hannken Exp $       */
+/*     $NetBSD: cd9660_vfsops.c,v 1.74.10.1 2014/04/21 10:15:36 bouyer Exp $   */
 
 /*-
  * Copyright (c) 1994
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cd9660_vfsops.c,v 1.74 2011/11/14 18:35:12 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cd9660_vfsops.c,v 1.74.10.1 2014/04/21 10:15:36 bouyer Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_compat_netbsd.h"
@@ -224,6 +224,8 @@
        int error;
        struct iso_mnt *imp = VFSTOISOFS(mp);
 
+       if (args == NULL)
+               return EINVAL;
        if (*data_len < sizeof *args)
                return EINVAL;
 
diff -r e5812a6481df -r 25714aab9d27 sys/fs/efs/efs_vfsops.c
--- a/sys/fs/efs/efs_vfsops.c   Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/efs/efs_vfsops.c   Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: efs_vfsops.c,v 1.22 2011/06/12 03:35:52 rmind Exp $    */
+/*     $NetBSD: efs_vfsops.c,v 1.22.12.1 2014/04/21 10:15:37 bouyer Exp $      */
 
 /*
  * Copyright (c) 2006 Stephen M. Rumble <rumble%ephemeral.org@localhost>
@@ -17,7 +17,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: efs_vfsops.c,v 1.22 2011/06/12 03:35:52 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: efs_vfsops.c,v 1.22.12.1 2014/04/21 10:15:37 bouyer Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -182,6 +182,8 @@
        struct vnode *devvp;
        int err, mode;
 
+       if (args == NULL)
+               return EINVAL;
        if (*data_len < sizeof *args)
                return EINVAL;
 
diff -r e5812a6481df -r 25714aab9d27 sys/fs/filecorefs/filecore_vfsops.c
--- a/sys/fs/filecorefs/filecore_vfsops.c       Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/filecorefs/filecore_vfsops.c       Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: filecore_vfsops.c,v 1.68 2011/11/14 18:35:13 hannken Exp $     */
+/*     $NetBSD: filecore_vfsops.c,v 1.68.10.1 2014/04/21 10:15:37 bouyer Exp $ */
 
 /*-
  * Copyright (c) 1994 The Regents of the University of California.
@@ -66,7 +66,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: filecore_vfsops.c,v 1.68 2011/11/14 18:35:13 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: filecore_vfsops.c,v 1.68.10.1 2014/04/21 10:15:37 bouyer Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_compat_netbsd.h"
@@ -239,6 +239,8 @@
        int error;
        struct filecore_mnt *fcmp = NULL;
 
+       if (args == NULL)
+               return EINVAL;
        if (*data_len < sizeof *args)
                return EINVAL;
 
diff -r e5812a6481df -r 25714aab9d27 sys/fs/hfs/hfs_vfsops.c
--- a/sys/fs/hfs/hfs_vfsops.c   Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/hfs/hfs_vfsops.c   Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: hfs_vfsops.c,v 1.27.8.1 2012/06/24 16:03:39 jdc Exp $  */
+/*     $NetBSD: hfs_vfsops.c,v 1.27.8.1.4.1 2014/04/21 10:15:37 bouyer Exp $   */
 
 /*-
  * Copyright (c) 2005, 2007 The NetBSD Foundation, Inc.
@@ -99,7 +99,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: hfs_vfsops.c,v 1.27.8.1 2012/06/24 16:03:39 jdc Exp $");
+__KERNEL_RCSID(0, "$NetBSD: hfs_vfsops.c,v 1.27.8.1.4.1 2014/04/21 10:15:37 bouyer Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_compat_netbsd.h"
@@ -205,6 +205,8 @@
        int update;
        mode_t accessmode;
 
+       if (args == NULL)
+               return EINVAL;
        if (*data_len < sizeof *args)
                return EINVAL;
 
diff -r e5812a6481df -r 25714aab9d27 sys/fs/msdosfs/msdosfs_vfsops.c
--- a/sys/fs/msdosfs/msdosfs_vfsops.c   Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/msdosfs/msdosfs_vfsops.c   Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: msdosfs_vfsops.c,v 1.93.6.1 2012/07/05 17:36:31 riz Exp $      */
+/*     $NetBSD: msdosfs_vfsops.c,v 1.93.6.1.4.1 2014/04/21 10:15:37 bouyer Exp $       */
 
 /*-
  * Copyright (C) 1994, 1995, 1997 Wolfgang Solfrank.
@@ -48,7 +48,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: msdosfs_vfsops.c,v 1.93.6.1 2012/07/05 17:36:31 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: msdosfs_vfsops.c,v 1.93.6.1.4.1 2014/04/21 10:15:37 bouyer Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_compat_netbsd.h"
@@ -293,6 +293,8 @@
        int error, flags;
        mode_t accessmode;
 
+       if (args == NULL)
+               return EINVAL;
        if (*data_len < sizeof *args)
                return EINVAL;
 
diff -r e5812a6481df -r 25714aab9d27 sys/fs/nilfs/nilfs_vfsops.c
--- a/sys/fs/nilfs/nilfs_vfsops.c       Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/nilfs/nilfs_vfsops.c       Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: nilfs_vfsops.c,v 1.8 2011/11/14 18:35:13 hannken Exp $ */
+/* $NetBSD: nilfs_vfsops.c,v 1.8.10.1 2014/04/21 10:15:36 bouyer Exp $ */
 
 /*
  * Copyright (c) 2008, 2009 Reinoud Zandijk
@@ -28,7 +28,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__KERNEL_RCSID(0, "$NetBSD: nilfs_vfsops.c,v 1.8 2011/11/14 18:35:13 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nilfs_vfsops.c,v 1.8.10.1 2014/04/21 10:15:36 bouyer Exp $");
 #endif /* not lint */
 
 
@@ -804,6 +804,8 @@
 
        DPRINTF(VFSCALL, ("nilfs_mount called\n"));
 
+       if (args == NULL)
+               return EINVAL;
        if (*data_len < sizeof *args)
                return EINVAL;
 
diff -r e5812a6481df -r 25714aab9d27 sys/fs/ntfs/ntfs_vfsops.c
--- a/sys/fs/ntfs/ntfs_vfsops.c Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/ntfs/ntfs_vfsops.c Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ntfs_vfsops.c,v 1.87 2011/11/14 18:35:13 hannken Exp $ */
+/*     $NetBSD: ntfs_vfsops.c,v 1.87.12.1 2014/04/21 10:15:37 bouyer Exp $     */
 
 /*-
  * Copyright (c) 1998, 1999 Semen Ustimenko
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ntfs_vfsops.c,v 1.87 2011/11/14 18:35:13 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ntfs_vfsops.c,v 1.87.12.1 2014/04/21 10:15:37 bouyer Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -174,6 +174,8 @@
        struct vnode    *devvp;
        struct ntfs_args *args = data;
 
+       if (args == NULL)
+               return EINVAL;
        if (*data_len < sizeof *args)
                return EINVAL;
 
diff -r e5812a6481df -r 25714aab9d27 sys/fs/ptyfs/ptyfs_vfsops.c
--- a/sys/fs/ptyfs/ptyfs_vfsops.c       Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/ptyfs/ptyfs_vfsops.c       Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ptyfs_vfsops.c,v 1.42.18.1 2012/10/01 17:35:05 riz Exp $       */
+/*     $NetBSD: ptyfs_vfsops.c,v 1.42.18.1.2.1 2014/04/21 10:15:37 bouyer Exp $        */
 
 /*
  * Copyright (c) 1992, 1993, 1995
@@ -38,7 +38,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ptyfs_vfsops.c,v 1.42.18.1 2012/10/01 17:35:05 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ptyfs_vfsops.c,v 1.42.18.1.2.1 2014/04/21 10:15:37 bouyer Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -218,6 +218,8 @@
        struct ptyfsmount *pmnt;
        struct ptyfs_args *args = data;
 
+       if (args == NULL)
+               return EINVAL;
        if (*data_len != sizeof *args && *data_len != OSIZE)
                return EINVAL;
 
diff -r e5812a6481df -r 25714aab9d27 sys/fs/puffs/puffs_vfsops.c
--- a/sys/fs/puffs/puffs_vfsops.c       Mon Apr 21 10:00:35 2014 +0000
+++ b/sys/fs/puffs/puffs_vfsops.c       Mon Apr 21 10:15:36 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: puffs_vfsops.c,v 1.100.8.2 2012/08/12 13:13:21 martin Exp $    */
+/*     $NetBSD: puffs_vfsops.c,v 1.100.8.2.4.1 2014/04/21 10:15:36 bouyer Exp $        */
 
 /*
  * Copyright (c) 2005, 2006  Antti Kantee.  All Rights Reserved.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: puffs_vfsops.c,v 1.100.8.2 2012/08/12 13:13:21 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: puffs_vfsops.c,v 1.100.8.2.4.1 2014/04/21 10:15:36 bouyer Exp $");
 
 #include <sys/param.h>


