NetBSD Problem Report #52351

From dholland@macaran.eecs.harvard.edu  Sat Jul  1 00:16:07 2017
Return-Path: <dholland@macaran.eecs.harvard.edu>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 9676D7A179
	for <gnats-bugs@gnats.NetBSD.org>; Sat,  1 Jul 2017 00:16:07 +0000 (UTC)
Message-Id: <20170630225805.5A0606E284@macaran.eecs.harvard.edu>
Date: Fri, 30 Jun 2017 18:57:59 -0400 (EDT)
From: dholland@eecs.harvard.edu
Reply-To: dholland@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: namei needs to take more rootdir refs
X-Send-Pr-Version: 3.95

>Number:         52351
>Category:       kern
>Synopsis:       namei needs to take more rootdir refs
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jul 01 00:20:01 +0000 2017
>Closed-Date:    Mon Jul 01 07:58:35 +0000 2019
>Last-Modified:  Mon Jul 01 07:58:35 +0000 2019
>Originator:     David A. Holland
>Release:        NetBSD 7.99.65 (20170309)
>Organization:
>Environment:
System: NetBSD macaran 7.99.65 NetBSD 7.99.65 (MACARAN) #41: Thu Mar 9 19:33:59 EST 2017 dholland@macaran:/usr/src/sys/arch/amd64/compile/MACARAN amd64
Architecture: x86_64
Machine: amd64
>Description:

namei saves pointers to the root vnode and emulation root vnode in
struct nameidata.

These do not have their own references to these vnodes and can
conceivably go stale if another thread in the same process chroots.

From mjg@freebsd.

>How-To-Repeat:

>Fix:

Not entirely trivial as struct nameidata is owned by the caller and
never explicitly destroyed/released. Hopefully no caller is actually
using these fields and they can quietly get shifted into struct
namei_state and disappear.

(Fortunately, no program in its right mind chroots concurrently while
doing other fs operations, and screwing around on purpose will require
root.)

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Mon, 01 Jul 2019 07:58:35 +0000
State-Changed-Why:
fixed by hannken@ in -r1.209 of vfs_lookup.c


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.