On Tue, Jul 29, 2025 at 09:38:21AM -0400, Mark Johnston wrote:
> On Tue, Jul 29, 2025 at 04:22:56PM +0300, Konstantin Belousov wrote:
> > On Tue, Jul 29, 2025 at 09:16:23AM -0400, Mark Johnston wrote:
> > > On Tue, Jul 29, 2025 at 04:01:46PM +0300, Konstantin Belousov wrote:
> > > > On Tue, Jul 29, 2025 at 08:26:52AM -0400, Mark Johnston wrote:
> > > > > On Mon, Jul 28, 2025 at 08:57:21PM +0000, Konstantin Belousov wrote:
> > > > > > The branch main has been updated by kib:
> > > > > > 
> > > > > > URL: 
> > > > > > https://cgit.FreeBSD.org/src/commit/?id=610319c766e941de96e52f2d28fea9f8cfc51aeb
> > > > > > 
> > > > > > commit 610319c766e941de96e52f2d28fea9f8cfc51aeb
> > > > > > Author:     Konstantin Belousov <k...@freebsd.org>
> > > > > > AuthorDate: 2025-07-27 13:50:57 +0000
> > > > > > Commit:     Konstantin Belousov <k...@freebsd.org>
> > > > > > CommitDate: 2025-07-28 20:57:14 +0000
> > > > > > 
> > > > > >     ufs_vnops.c: newparent is not bool
> > > > > >     
> > > > > >     Use proper comparision operators when we need to see if 
> > > > > > newparent was
> > > > > >     set to not-zero value.
> > > > > >     
> > > > > >     Reviewed by:    mckusick, olce
> > > > > >     Sponsored by:   The FreeBSD Foundation
> > > > > >     MFC after:      1 week
> > > > > >     Differential revision:  https://reviews.freebsd.org/D51573
> > > > > > ---
> > > > > >  sys/ufs/ufs/ufs_vnops.c | 15 +++++++--------
> > > > > >  1 file changed, 7 insertions(+), 8 deletions(-)
> > > > > > 
> > > > > > diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c
> > > > > > index 406b8f943077..2757fb066981 100644
> > > > > > --- a/sys/ufs/ufs/ufs_vnops.c
> > > > > > +++ b/sys/ufs/ufs/ufs_vnops.c
> > > > > > @@ -1476,7 +1476,7 @@ relock:
> > > > > >      * the user must have write permission in the source so
> > > > > >      * as to be able to change "..".
> > > > > >      */
> > > > > > -   if (doingdirectory && newparent) {
> > > > > > +   if (doingdirectory && newparent != 0) {
> > > > > >             error = VOP_ACCESS(fvp, VWRITE, tcnp->cn_cred, 
> > > > > > curthread);
> > > > > >             if (error)
> > > > > >                     goto unlockout;
> > > > > > @@ -1539,7 +1539,7 @@ relock:
> > > > > >     if (tip == NULL) {
> > > > > >             if (ITODEV(tdp) != ITODEV(fip))
> > > > > >                     panic("ufs_rename: EXDEV");
> > > > > > -           if (doingdirectory && newparent) {
> > > > > > +           if (doingdirectory && newparent != 0) {
> > > > > >                     /*
> > > > > >                      * Account for ".." in new directory.
> > > > > >                      * When source and destination have the same
> > > > > > @@ -1632,7 +1632,7 @@ relock:
> > > > > >                     goto bad;
> > > > > >             }
> > > > > >             if (doingdirectory) {
> > > > > > -                   if (!newparent) {
> > > > > > +                   if (newparent == 0) {
> > > > > >                             tdp->i_effnlink--;
> > > > > >                             if (DOINGSOFTDEP(tdvp))
> > > > > >                                     softdep_change_linkcnt(tdp);
> > > > > > @@ -1642,11 +1642,10 @@ relock:
> > > > > >                             softdep_change_linkcnt(tip);
> > > > > >             }
> > > > > >             error = ufs_dirrewrite(tdp, tip, fip->i_number,
> > > > > > -               IFTODT(fip->i_mode),
> > > > > > -               (doingdirectory && newparent) ? newparent : 
> > > > > > doingdirectory);
> > > > > > +               IFTODT(fip->i_mode), doingdirectory);
> > > > > 
> > > > > Is this part of the change correct?
> > > > > 
> > > > > syzbot is reporting some panics after this change and commit
> > > > > c069ca085bd185eda4a90dc4bc2b76cceb74579d:
> > > > > https://syzkaller.appspot.com/bug?extid=18722c8e4008048efb51
> > > > > https://syzkaller.appspot.com/bug?extid=6a4ea1e13f4e07369785
> > > > > https://syzkaller.appspot.com/bug?extid=5cb82352555d5d505640
> > > > > https://syzkaller.appspot.com/bug?extid=602fb6ee1a39abfd3b5c
> > > > > https://syzkaller.appspot.com/bug?extid=fb35cce6a6f5075a6692
> > > > > https://syzkaller.appspot.com/bug?extid=6fb8cb919cc686d1a1d0
> > > > > https://syzkaller.appspot.com/bug?extid=98c39c45a437812f7683
> > > > > https://syzkaller.appspot.com/bug?extid=02cb048d48b51bcd9c41
> > > > 
> > > > I committed the revert, with the Fixes tag, for now. But consider:
> > > > 
> > > > Two cases:
> > > > 1. doingdirectory == true:
> > > > the expression can be rewritten as newparent ? newparent : true.
> > > > Then this is the same as true.
> > > > 
> > > > 2. doingdirectory == false:
> > > > then the expression is false.
> > > 
> > > I think the problem is that the isrmdir parameter to ufs_dirrewrite() is
> > > not a bool as the name implies.  See softdep_setup_directory_change(),
> > > which checks isrmdir > 1.
> > 
> > Right, then revert does not fix anything.
> 
> Indeed.  In the meantime, syzbot produced a reproducer:
> https://syzkaller.appspot.com/text?tag=ReproC&x=12fe9782580000
> 
> With the diff below, I no longer see any panics:
> 
> diff --git a/sys/ufs/ufs/ufs_vnops.c b/sys/ufs/ufs/ufs_vnops.c
> index 050b21c2be0b..b7453db9013c 100644
> --- a/sys/ufs/ufs/ufs_vnops.c
> +++ b/sys/ufs/ufs/ufs_vnops.c
> @@ -1643,7 +1643,7 @@ ufs_rename(
>               }
>               error = ufs_dirrewrite(tdp, tip, fip->i_number,
>                   IFTODT(fip->i_mode), (doingdirectory && newparent != 0) ?
> -                 newparent != 0: doingdirectory);
> +                 newparent : doingdirectory);
>               if (error) {
>                       if (doingdirectory) {
>                               if (newparent == 0) {

Go ahead if you want, my patch fixes more bugs there, I believe, and is
still needed.

Reply via email to