Remove the assertion "searchdir != foundobj" from lookup_crossmount().
It will trigger whenever we lookup "." on a directory that becomes
mounted

    fd = open("/mnt")
    mount(..., "/mnt", ...)
    fd2 = openat(fd, ".")

or

    Unlocked searchdir gets mounted on between
    lookup_fastforward()/lookup_once() and the test for
    foundobj->v_mountedhere.

May address syzkaller:

Reported-by: syzbot+9197ac681ce50f707d9a@syzkaller.appspotmail.com
Reported-by: syzbot+eb4854df8ee3c9bc278d@syzkaller.appspotmail.com
Reported-by: syzbot+3cc5b4126ab554f145d3@syzkaller.appspotmail.com
Reported-by: syzbot+7eae48a3ea952efee8c8@syzkaller.appspotmail.com
Reported-by: syzbot+b7f662083ccf8be3e669@syzkaller.appspotmail.com
hannken authored and hannken committed Feb 10, 2022
1 parent 9468ae1 commit d832c64
Showing 1 changed file with 2 additions and 4 deletions.
6 changes: 2 additions & 4 deletions sys/kern/vfs_lookup.c
@@ -1,4 +1,4 @@
/* $NetBSD: vfs_lookup.c,v 1.230 2021/11/13 14:52:08 hannken Exp $ */
/* $NetBSD: vfs_lookup.c,v 1.231 2022/02/10 10:59:12 hannken Exp $ */

/*
* Copyright (c) 1982, 1986, 1989, 1993
Expand Down Expand Up @@ -37,7 +37,7 @@
*/

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: vfs_lookup.c,v 1.230 2021/11/13 14:52:08 hannken Exp $");
__KERNEL_RCSID(0, "$NetBSD: vfs_lookup.c,v 1.231 2022/02/10 10:59:12 hannken Exp $");

#ifdef _KERNEL_OPT
#include "opt_magiclinks.h"
Expand Down Expand Up @@ -940,8 +940,6 @@ lookup_crossmount(struct namei_state *state,
while (foundobj->v_type == VDIR &&
(mp = foundobj->v_mountedhere) != NULL &&
(cnp->cn_flags & NOCROSSMOUNT) == 0) {
KASSERTMSG(searchdir != foundobj, "same vn %p", searchdir);

/*
* Try the namecache first. If that doesn't work, do
* it the hard way.
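
Review bot: with the KASSERTMSG(searchdir != foundobj, "same vn %p", searchdir) gone from the top of the while loop in lookup_crossmount(), nothing in the code records that searchdir == foundobj is now an expected state. Suggest a short comment in its place naming the two cases from the commit message (a lookup of "." on a directory that becomes mounted, and an unlocked searchdir being mounted on before the foundobj->v_mountedhere test), so the assertion is not reintroduced later. The rest of the loop body is not visible in this hunk, so it is worth confirming that the code after the namecache attempt does not rely on searchdir and foundobj being distinct vnodes. Since the message only says this "may address" the syzbot reports, a regression test built on the open/mount/openat(fd, ".") sequence from the commit message would show whether the fix is complete.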