NetBSD Problem Report #47217
From martin@duskware.de Mon Nov 19 14:50:14 2012
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
by www.NetBSD.org (Postfix) with ESMTP id E58E163E6C6
for <gnats-bugs@gnats.NetBSD.org>; Mon, 19 Nov 2012 14:50:13 +0000 (UTC)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@gnats.NetBSD.org
Subject: t_fstatat crashes the kernel
X-Send-Pr-Version: 3.95
>Number: 47217
>Category: kern
>Synopsis: t_fstatat crashes the kernel
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: martin
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Nov 19 14:55:00 +0000 2012
>Closed-Date: Mon Nov 19 15:03:34 +0000 2012
>Last-Modified: Mon Nov 19 15:05:02 +0000 2012
>Originator: Martin Husemann
>Release: NetBSD 6.99.15
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD thirdstage.duskware.de 6.99.15 NetBSD 6.99.15 (MODULAR) #17: Mon Nov 19 10:50:38 CET 2012 martin@night-porter.duskware.de:/usr/src/sys/arch/sparc64/compile/MODULAR sparc64
Architecture: sparc64
Machine: sparc64
>Description:
The t_fstatat ATF test reproducibly crashes my kernel. It seems to try to
write to an invalid stack address (a userland address confused with kernel
space?) at:
(gdb) list *(do_sys_statat+0x7c)
0x15468dc is in do_sys_statat (../../../../kern/vfs_syscalls.c:3061).
3056            error = fd_nameiat(l, fdat, &nd);
3057            if (error != 0) {
3058                    pathbuf_destroy(pb);
3059                    return error;
3060            }
3061            error = vn_stat(nd.ni_vp, sb);
3062            vput(nd.ni_vp);
3063            pathbuf_destroy(pb);
3064            return error;
3065    }
Note that you do not need to be root to crash the machine now...
>How-To-Repeat:
cd /usr/tests/lib/libc/c063 && atf-run t_fstatat
>Fix:
yes!
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: kern-bug-people->martin
Responsible-Changed-By: martin@NetBSD.org
Responsible-Changed-When: Mon, 19 Nov 2012 15:03:34 +0000
Responsible-Changed-Why:
I fixed it
State-Changed-From-To: open->closed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Mon, 19 Nov 2012 15:03:34 +0000
State-Changed-Why:
fixed
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/47217 CVS commit: src/sys/kern
Date: Mon, 19 Nov 2012 15:01:18 +0000
Module Name: src
Committed By: martin
Date: Mon Nov 19 15:01:17 UTC 2012
Modified Files:
src/sys/kern: vfs_syscalls.c
Log Message:
Use copyout to copy data from kernel out to userland!
Fixes PR kern/47217.
To generate a diff of this commit:
cvs rdiff -u -r1.460 -r1.461 src/sys/kern/vfs_syscalls.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
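
The pattern the log message names, as an added example (not the NetBSD commit and not code from this report): a userland C model in which the syscall handler stats into a kernel-local structure and hands the result to a copyout-style routine that validates the user range and returns EFAULT instead of faulting. Every name ending in _model, the address range and the stat values are constructed assumptions.

```c
/* Userland model, constructed for illustration: kernel code reaches user
 * memory only through copyout(), which validates the range or fails. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct stat_model { uint64_t ino, size; };  /* stand-in for struct stat */

#define USER_BASE 0x1000u                   /* constructed mapped user range */
#define USER_SIZE 256u
static unsigned char user_mem[USER_SIZE];   /* backing store for that range */

/* Model of copyout(9): kernel source, user destination address, length. */
static int copyout_model(const void *kaddr, uintptr_t uaddr, size_t len)
{
    if (uaddr < USER_BASE || len > USER_SIZE ||
        uaddr - USER_BASE > USER_SIZE - len)
        return EFAULT;                      /* unmapped or overrunning range */
    memcpy(user_mem + (uaddr - USER_BASE), kaddr, len);
    return 0;
}

/* Stand-in for vn_stat(): writes through a pointer it assumes is kernel memory. */
static int vn_stat_model(struct stat_model *sb)
{
    sb->ino = 42;
    sb->size = 4096;
    return 0;
}

/* Unsafe shape (assumed from the report): vn_stat_model((struct stat_model *)ubuf)
 * would dereference the caller-supplied address directly in kernel context.
 * Safe shape: stat into a kernel-local struct, then copyout() to the user address. */
int sys_fstatat_model(uintptr_t ubuf)
{
    struct stat_model sb;
    int error = vn_stat_model(&sb);
    if (error != 0)
        return error;
    return copyout_model(&sb, ubuf, sizeof(sb));
}

int main(void)
{
    printf("valid buffer: %d\n", sys_fstatat_model(USER_BASE));
    printf("NULL buffer:  %d (EFAULT=%d)\n", sys_fstatat_model(0), EFAULT);
    return 0;
}
```

With this shape a bad buffer address from an unprivileged caller becomes an error return to that caller rather than a kernel fault.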
>Unformatted: