On Thu, Aug 01, 2019 at 06:15:46PM +0200, Alexander Bluhm wrote:
> there seems to be another bug that is triggered by unveil(2) and
> chdir(2). I have written a test for the latter, but I have not
> found the bug yet.
unveil(2) on "." leaks a vnode. Even if the parent and the vnode
are equal, both are reference counted. So we need two vrele().
ok?
bluhm
Index: kern/vfs_syscalls.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.327
diff -u -p -r1.327 vfs_syscalls.c
--- kern/vfs_syscalls.c 25 Jul 2019 01:43:21 -0000 1.327
+++ kern/vfs_syscalls.c 1 Aug 2019 21:21:14 -0000
@@ -1048,7 +1048,7 @@ sys_unveil(struct proc *p, void *v, regi
/* release vref from namei, but not vref from unveil_add */
if (nd.ni_vp)
vrele(nd.ni_vp);
- if (nd.ni_dvp && nd.ni_dvp != nd.ni_vp)
+ if (nd.ni_dvp)
vrele(nd.ni_dvp);
pool_put(&namei_pool, nd.ni_cnd.cn_pnbuf);
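Review bot: the dropped `nd.ni_dvp != nd.ni_vp` guard was treating equality of the two vnode pointers as a sign that only one reference exists, which the mail above explains is wrong: namei takes a reference on ni_dvp and another on ni_vp even when both point at the same vnode (the "." case), so releasing only one leaks a vnode reference. The comment at the top of the hunk, "release vref from namei, but not vref from unveil_add", does not record that, and a later reader could reasonably reinstate the guard to "avoid a double vrele"; suggest extending the comment, e.g. "namei holds a separate ref on each, release both even when dvp == vp", or capturing the rationale in the commit message. Since the thread already carries a regression test for the chdir(2) case, a matching unveil(2) test on "." that checks the vnode is actually released would guard against this coming back.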