Module Name: src
Committed By: ad
Date: Mon Mar 30 19:15:28 UTC 2020
Modified Files:
src/sys/kern: vfs_cache.c
Log Message:
cache_lookup(): fix a use-after-free.
To generate a diff of this commit:
cvs rdiff -u -r1.135 -r1.136 src/sys/kern/vfs_cache.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/vfs_cache.c
diff -u src/sys/kern/vfs_cache.c:1.135 src/sys/kern/vfs_cache.c:1.136
--- src/sys/kern/vfs_cache.c:1.135 Fri Mar 27 00:14:25 2020
+++ src/sys/kern/vfs_cache.c Mon Mar 30 19:15:28 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: vfs_cache.c,v 1.135 2020/03/27 00:14:25 ad Exp $ */
+/* $NetBSD: vfs_cache.c,v 1.136 2020/03/30 19:15:28 ad Exp $ */
/*-
* Copyright (c) 2008, 2019, 2020 The NetBSD Foundation, Inc.
@@ -172,7 +172,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_cache.c,v 1.135 2020/03/27 00:14:25 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_cache.c,v 1.136 2020/03/30 19:15:28 ad Exp $");
#define __NAMECACHE_PRIVATE
#ifdef _KERNEL_OPT
@@ -554,6 +554,14 @@ cache_lookup(struct vnode *dvp, const ch
return false;
}
if (ncp->nc_vp == NULL) {
+ if (iswht_ret != NULL) {
+ /*
+ * Restore the ISWHITEOUT flag saved earlier.
+ */
+ *iswht_ret = ncp->nc_whiteout;
+ } else {
+ KASSERT(!ncp->nc_whiteout);
+ }
if (nameiop == CREATE && (cnflags & ISLASTCN) != 0) {
/*
* Last component and we are preparing to create
@@ -570,14 +578,6 @@ cache_lookup(struct vnode *dvp, const ch
/* found neg entry; vn is already null from above */
hit = true;
}
- if (iswht_ret != NULL) {
- /*
- * Restore the ISWHITEOUT flag saved earlier.
- */
- *iswht_ret = ncp->nc_whiteout;
- } else {
- KASSERT(!ncp->nc_whiteout);
- }
rw_exit(&dvi->vi_nc_lock);
return hit;
}
