cache: only let non-dir descriptors through when doing EMPTYPATH lookups
Otherwise things like realpath against a file and '.' end up with an
illegal state of having a regular vnode for the parent.
Reported by: syzbot+9aa5439dd9c708aeb1a8@syzkaller.appspotmail.com
(cherry picked from commit 628c3b307f)
This commit is contained in:
Mateusz Guzik
parent
bac79d8e16
commit
54c0eac7c1
@ -4242,19 +4242,28 @@ cache_can_fplookup(struct cache_fpl *fpl)
|
||||
return (true);
|
||||
}
|
||||
|
||||
static int
|
||||
static int __noinline
|
||||
cache_fplookup_dirfd(struct cache_fpl *fpl, struct vnode **vpp)
|
||||
{
|
||||
struct nameidata *ndp;
|
||||
struct componentname *cnp;
|
||||
int error;
|
||||
bool fsearch;
|
||||
|
||||
ndp = fpl->ndp;
|
||||
cnp = fpl->cnp;
|
||||
|
||||
error = fgetvp_lookup_smr(ndp->ni_dirfd, ndp, vpp, &fsearch);
|
||||
if (__predict_false(error != 0)) {
|
||||
return (cache_fpl_aborted(fpl));
|
||||
}
|
||||
fpl->fsearch = fsearch;
|
||||
if ((*vpp)->v_type != VDIR) {
|
||||
if (!((cnp->cn_flags & EMPTYPATH) != 0 && cnp->cn_pnbuf[0] == '\0')) {
|
||||
cache_fpl_smr_exit(fpl);
|
||||
return (cache_fpl_handled_error(fpl, ENOTDIR));
|
||||
}
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user