diff options
| author |   bluhm <bluhm@openbsd.org> | 2016-05-22 20:27:04 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2016-05-22 20:27:04 +0000 |
| commit | 9ee302b807409cb1f9713adc404a77fe222e525c (patch) | |
| tree | aa5fe5ae4375c8135911855d360673c191e7e222 /sys/ntfs/ntfs_vfsops.c | |
| parent | makes sure the value of the asprintf buffer is zeroed on error (diff) | |
| download | wireguard-openbsd-9ee302b807409cb1f9713adc404a77fe222e525c.tar.xz wireguard-openbsd-9ee302b807409cb1f9713adc404a77fe222e525c.zip | |
When pulling an msdos formated umass stick during mount while the
usb stack was busy, the kernel could trigger an uvm fault. There
is a race between vop_generic_revoke() and sys_mount() where vgonel()
could reset v_specinfo. Then v_specmountpoint is no longer valid.
So after sleeping, msdosfs_mountfs() could crash in the error path.
The code in the different *_mountfs() functions was inconsistent,
implement the same check everywhere.
OK krw@ natano@
Diffstat (limited to 'sys/ntfs/ntfs_vfsops.c')
| -rw-r--r-- | sys/ntfs/ntfs_vfsops.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/ntfs/ntfs_vfsops.c b/sys/ntfs/ntfs_vfsops.c index f78a99f4efd..fedc49d3983 100644 --- a/sys/ntfs/ntfs_vfsops.c +++ b/sys/ntfs/ntfs_vfsops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ntfs_vfsops.c,v 1.50 2016/04/26 18:37:03 natano Exp $ */ +/* $OpenBSD: ntfs_vfsops.c,v 1.51 2016/05/22 20:27:04 bluhm Exp $ */ /* $NetBSD: ntfs_vfsops.c,v 1.7 2003/04/24 07:50:19 christos Exp $ */ /*- @@ -450,7 +450,8 @@ out1: DPRINTF("ntfs_mountfs: vflush failed\n"); out: - devvp->v_specmountpoint = NULL; + if (devvp->v_specinfo) + devvp->v_specmountpoint = NULL; if (bp) brelse(bp); |