Subject: Re: CVS commit: src/sys/kern
To: None <source-changes@NetBSD.org>
From: Reinoud Zandijk <reinoud@netbsd.org>
List: source-changes
Date: 01/18/2006 15:44:50
Sorry for the inconvenience, used the wrong flag to cvs :(
CVS message will be updated
Reinoud
On Wed, Jan 18, 2006 at 02:26:55PM +0000, Reinoud Zandijk wrote:
>
> Module Name: src
> Committed By: reinoud
> Date: Wed Jan 18 14:26:55 UTC 2006
>
> Modified Files:
> src/sys/kern: vfs_subr.c
>
> Log Message:
> /tmp/cvs00610b
vfs_mountedon() can only and only handle special device nodes and will
otherwise generate an UVM trap or will access random memory. This is due to
the dereference of vp->v_specmountpoint that is really
vp->v_specinfo->si_mountpoint. The field v_specinfo is multiplexed with
other structs in the vun union in struct vnode like struct socket.
The patch adds a sanity check for accessing the specinfo fields by only
allowing VBLK nodes to be passed. In theory also VCHR could be valid since
its also a special node though mounting is only done on VBLK so be strict.
Ok'd by yamt.