From 1a34e9fad6b6d894eb81002bd966684be1d1fe86 Mon Sep 17 00:00:00 2001 From: Edward Tomasz Napierala Date: Tue, 20 Oct 2020 17:19:10 +0000 Subject: [PATCH] Fix potential race condition in linux stat(2). Reviewed by: kib MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D25618 --- sys/compat/linux/linux_stats.c | 9 ++------- sys/compat/linux/linux_util.c | 19 +++++++++++++++++++ sys/compat/linux/linux_util.h | 1 + 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/sys/compat/linux/linux_stats.c b/sys/compat/linux/linux_stats.c index 390f361afa6e..01f9cada670b 100644 --- a/sys/compat/linux/linux_stats.c +++ b/sys/compat/linux/linux_stats.c @@ -80,11 +80,8 @@ translate_vnhook_major_minor(struct vnode *vp, struct stat *sb) if (rootdevmp != NULL && vp->v_mount->mnt_vfc == rootdevmp->mnt_vfc) sb->st_dev = rootdevmp->mnt_stat.f_fsid.val[0]; - if (vp->v_type == VCHR && vp->v_rdev != NULL && - linux_driver_get_major_minor(devtoname(vp->v_rdev), - &major, &minor) == 0) { + if (linux_vn_get_major_minor(vp, &major, &minor) == 0) sb->st_rdev = (major << 8 | minor); - } } static int @@ -140,9 +137,7 @@ translate_fd_major_minor(struct thread *td, int fd, struct stat *buf) if (mp != NULL && mp->mnt_vfc == rootdevmp->mnt_vfc) buf->st_dev = rootdevmp->mnt_stat.f_fsid.val[0]; } - if (vp != NULL && vp->v_rdev != NULL && - linux_driver_get_major_minor(devtoname(vp->v_rdev), - &major, &minor) == 0) { + if (linux_vn_get_major_minor(vp, &major, &minor) == 0) { buf->st_rdev = (major << 8 | minor); } else if (fp->f_type == DTYPE_PTS) { struct tty *tp = fp->f_data; diff --git a/sys/compat/linux/linux_util.c b/sys/compat/linux/linux_util.c index 59fc844e1cbe..5febafef08c7 100644 --- a/sys/compat/linux/linux_util.c +++ b/sys/compat/linux/linux_util.c @@ -36,6 +36,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include #include #include @@ -195,6 +196,24 @@ linux_driver_get_major_minor(const char *node, int *major, int *minor) return (1); } +int +linux_vn_get_major_minor(const struct vnode *vp, int *major, int *minor) +{ + int error; + + if (vp->v_type != VCHR) + return (ENOTBLK); + dev_lock(); + if (vp->v_rdev == NULL) { + dev_unlock(); + return (ENXIO); + } + error = linux_driver_get_major_minor(devtoname(vp->v_rdev), + major, minor); + dev_unlock(); + return (error); +} + char * linux_get_char_devices() { diff --git a/sys/compat/linux/linux_util.h b/sys/compat/linux/linux_util.h index d9cbda114fac..43a1eec4d17c 100644 --- a/sys/compat/linux/linux_util.h +++ b/sys/compat/linux/linux_util.h @@ -123,6 +123,7 @@ int linux_device_register_handler(struct linux_device_handler *h); int linux_device_unregister_handler(struct linux_device_handler *h); char *linux_driver_get_name_dev(device_t dev); int linux_driver_get_major_minor(const char *node, int *major, int *minor); +int linux_vn_get_major_minor(const struct vnode *vn, int *major, int *minor); char *linux_get_char_devices(void); void linux_free_get_char_devices(char *string);