Module Name: src Committed By: dholland Date: Mon Aug 8 16:04:07 UTC 2011
Modified Files: src/sys/nfs: nfs_serv.c nfs_srvsubs.c Log Message: nfs_namei() should not return a non-null path buffer except on success, even though the callers are apparently prepared to cope. Fixes last tidyup part of PR 44625. To generate a diff of this commit: cvs rdiff -u -r1.159 -r1.160 src/sys/nfs/nfs_serv.c cvs rdiff -u -r1.10 -r1.11 src/sys/nfs/nfs_srvsubs.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/nfs/nfs_serv.c diff -u src/sys/nfs/nfs_serv.c:1.159 src/sys/nfs/nfs_serv.c:1.160 --- src/sys/nfs/nfs_serv.c:1.159 Mon Apr 18 00:38:33 2011 +++ src/sys/nfs/nfs_serv.c Mon Aug 8 16:04:07 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: nfs_serv.c,v 1.159 2011/04/18 00:38:33 dholland Exp $ */ +/* $NetBSD: nfs_serv.c,v 1.160 2011/08/08 16:04:07 dholland Exp $ */ /* * Copyright (c) 1989, 1993 @@ -55,7 +55,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: nfs_serv.c,v 1.159 2011/04/18 00:38:33 dholland Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nfs_serv.c,v 1.160 2011/08/08 16:04:07 dholland Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -1911,7 +1911,9 @@ nfsm_srvwcc_data(tdirfor_ret, &tdirfor, tdiraft_ret, &tdiraft); if (fdirp) vrele(fdirp); - pathbuf_destroy(fromnd.ni_pathbuf); + if (fromnd.ni_pathbuf != NULL) { + pathbuf_destroy(fromnd.ni_pathbuf); + } return (0); } if (fromnd.ni_dvp != fromnd.ni_vp) { @@ -2060,7 +2062,10 @@ if (error == -1) error = 0; } - pathbuf_destroy(tond.ni_pathbuf); + if (tond.ni_pathbuf != NULL) { + pathbuf_destroy(tond.ni_pathbuf); + tond.ni_pathbuf = NULL; + } tond.ni_cnd.cn_nameiop = 0; out1: if (fdirp) { @@ -2078,6 +2083,7 @@ tdirp = NULL; } pathbuf_destroy(fromnd.ni_pathbuf); + fromnd.ni_pathbuf = NULL; fromnd.ni_cnd.cn_nameiop = 0; localfs = NULL; nfsm_reply(2 * NFSX_WCCDATA(v3)); @@ -2095,14 +2101,20 @@ vrele(tdirp); #endif if (tond.ni_cnd.cn_nameiop) { - pathbuf_destroy(tond.ni_pathbuf); + if (tond.ni_pathbuf != NULL) { + pathbuf_destroy(tond.ni_pathbuf); + tond.ni_pathbuf = NULL; + } } if (localfs) { VFS_RENAMELOCK_EXIT(localfs); } if (fromnd.ni_cnd.cn_nameiop) { VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd); - pathbuf_destroy(fromnd.ni_pathbuf); + if (fromnd.ni_pathbuf != NULL) { + pathbuf_destroy(fromnd.ni_pathbuf); + fromnd.ni_pathbuf = NULL; + } vrele(fromnd.ni_dvp); vrele(fvp); } 
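Review bot: The guard, destroy and clear sequence added for `tond` in the hunk at -2060 is open-coded, and the same lines recur for `fromnd` and `nd` in the hunks at -2095, -2189, -2305, -2326, -2419, -2444 and -2524; one static helper would be easier to keep consistent. The sites already differ: -1911 has the guard without the clear, and -2078 the clear without the guard. That matters here because a forgotten clear is what lets a later cleanup pass destroy the same buffer twice. A sketch follows; the helper name is only a suggestion, and the enclosing function starts and ends outside the hunk.
```c
/* Release ndp's path buffer if one is still attached; harmless if called again. */
static void
nfsrv_pathbuf_release(struct nameidata *ndp)
{
	if (ndp->ni_pathbuf != NULL) {
		pathbuf_destroy(ndp->ni_pathbuf);
		ndp->ni_pathbuf = NULL;
	}
}

/* … unchanged: error handling that precedes the cleanup … */
	nfsrv_pathbuf_release(&tond);
	tond.ni_cnd.cn_nameiop = 0;
```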
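Review bot: The `pathbuf_destroy(fromnd.ni_pathbuf);` in the hunk at -2078 is the one call in this patch that is still made without a `!= NULL` test, even though the commit's premise is that nfs_namei() now leaves the pointer NULL on failure. The early return at -1911 suggests that every path reaching this point has a successfully looked-up `fromnd`, but that is an inference; the jumps into this code are outside the hunk. Either wrap the call in the same `if (fromnd.ni_pathbuf != NULL)` guard used elsewhere, or state the invariant explicitly with `KASSERT(fromnd.ni_pathbuf != NULL);` before it. The enclosing function starts and ends outside the hunk.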
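Review bot: The cleanup block in the hunk at -2095 lacks a comment explaining that two separate markers now decide whether each path buffer is released: the outer `cn_nameiop` test and the new inner `ni_pathbuf != NULL` test. Presumably the outer test keeps this code away from a `tond` or `fromnd` that was never set up when the handler bails out early, and the inner one covers a lookup that failed and already dropped its buffer. Neither is visible in the hunk, so treat that as an assumption to confirm. I would add above the first `if`: `/* cn_nameiop != 0: lookup state still held; ni_pathbuf may already be NULL if nfs_namei() failed */`. The enclosing function starts and ends outside the hunk.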
@@ -2189,7 +2201,10 @@ vrele(dirp); } vrele(vp); - pathbuf_destroy(nd.ni_pathbuf); + if (nd.ni_pathbuf != NULL) { + pathbuf_destroy(nd.ni_pathbuf); + nd.ni_pathbuf = NULL; + } nfsm_reply(NFSX_POSTOPATTR(v3) + NFSX_WCCDATA(v3)); if (v3) { nfsm_srvpostop_attr(getret, &at); @@ -2305,7 +2320,10 @@ vrele(dirp); dirp = NULL; } - pathbuf_destroy(nd.ni_pathbuf); + if (nd.ni_pathbuf != NULL) { + pathbuf_destroy(nd.ni_pathbuf); + nd.ni_pathbuf = NULL; + } abort = 0; nfsm_reply(NFSX_SRVFH(&nsfh, v3) + NFSX_POSTOPATTR(v3) + NFSX_WCCDATA(v3)); @@ -2326,7 +2344,10 @@ vput(nd.ni_dvp); if (nd.ni_vp) vrele(nd.ni_vp); - pathbuf_destroy(nd.ni_pathbuf); + if (nd.ni_pathbuf != NULL) { + pathbuf_destroy(nd.ni_pathbuf); + nd.ni_pathbuf = NULL; + } } if (dirp) vrele(dirp); @@ -2374,6 +2395,7 @@ if (error) { if (nd.ni_pathbuf != NULL) { pathbuf_destroy(nd.ni_pathbuf); + nd.ni_pathbuf = NULL; } nfsm_reply(NFSX_WCCDATA(v3)); nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft); @@ -2419,7 +2441,10 @@ vrele(dirp); dirp = NULL; } - pathbuf_destroy(nd.ni_pathbuf); + if (nd.ni_pathbuf != NULL) { + pathbuf_destroy(nd.ni_pathbuf); + nd.ni_pathbuf = NULL; + } abort = 0; nfsm_reply(NFSX_SRVFH(&nsfh, v3) + NFSX_POSTOPATTR(v3) + NFSX_WCCDATA(v3)); @@ -2444,7 +2469,10 @@ vput(nd.ni_dvp); if (nd.ni_vp) vrele(nd.ni_vp); - pathbuf_destroy(nd.ni_pathbuf); + if (nd.ni_pathbuf != NULL) { + pathbuf_destroy(nd.ni_pathbuf); + nd.ni_pathbuf = NULL; + } } if (dirp) vrele(dirp); @@ -2487,6 +2515,7 @@ if (error) { if (nd.ni_pathbuf != NULL) { pathbuf_destroy(nd.ni_pathbuf); + nd.ni_pathbuf = NULL; } nfsm_reply(NFSX_WCCDATA(v3)); nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft); 
@@ -2524,7 +2553,10 @@ vput(nd.ni_dvp); vput(vp); } - pathbuf_destroy(nd.ni_pathbuf); + if (nd.ni_pathbuf != NULL) { + pathbuf_destroy(nd.ni_pathbuf); + nd.ni_pathbuf = NULL; + } if (dirp) { if (v3) { diraft_ret = VOP_GETATTR(dirp, &diraft, cred); Index: src/sys/nfs/nfs_srvsubs.c diff -u src/sys/nfs/nfs_srvsubs.c:1.10 src/sys/nfs/nfs_srvsubs.c:1.11 --- src/sys/nfs/nfs_srvsubs.c:1.10 Mon Apr 11 01:33:05 2011 +++ src/sys/nfs/nfs_srvsubs.c Mon Aug 8 16:04:07 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: nfs_srvsubs.c,v 1.10 2011/04/11 01:33:05 dholland Exp $ */ +/* $NetBSD: nfs_srvsubs.c,v 1.11 2011/08/08 16:04:07 dholland Exp $ */ /* * Copyright (c) 1989, 1993 @@ -70,7 +70,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: nfs_srvsubs.c,v 1.10 2011/04/11 01:33:05 dholland Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nfs_srvsubs.c,v 1.11 2011/08/08 16:04:07 dholland Exp $"); #include <sys/param.h> #include <sys/proc.h> @@ -259,12 +259,12 @@ /* * And call lookup() to do the real work * - * Note: ndp->ni_pathbuf is left undestroyed; caller must - * clean it up. + * Note: ndp->ni_pathbuf is left undestroyed on success; + * caller must clean it up. */ error = lookup_for_nfsd(ndp, dp, neverfollow); if (error) { - return (error); + goto out; } return 0;
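Review bot: The rewritten comment in the nfs_srvsubs.c hunk at -259 states only the success half of the new contract; the failure half, which every caller guard added in nfs_serv.c relies on, is not written down. I would add a line such as `* On error the pathbuf is destroyed and ndp->ni_pathbuf is set to NULL.` The `out:` label that `goto out;` targets lies outside the hunk. It therefore cannot be confirmed from here that it destroys the buffer and clears the pointer, or that it is safe to run after lookup_for_nfsd() has failed. The function body starts and ends outside the hunk.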