d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

vfs: keep the mount point referenced across sys_quotactl

Browse Source 
Otherwise we risk running into use-after-free.

In particular this codepath ends up dropping all protection before
suspending writes:

ufs_quotactl -> quotaoff_inchange -> vfs_write_suspend_umnt

Reported by:	pho
This commit is contained in:
mjg 2020-01-30 19:38:12 +00:00
parent b642d4098b
commit 23e6779681
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sys/kern/vfs_syscalls.c
View File

@ -189,9 +189,10 @@ sys_quotactl(struct thread *td, struct quotactl_args *uap)
vfs_ref(mp);
vput(nd.ni_vp);
error = vfs_busy(mp, 0);
vfs_rel(mp);
if (error != 0)
if (error != 0) {
vfs_rel(mp);
return (error);
}
error = VFS_QUOTACTL(mp, uap->cmd, uap->uid, uap->arg);
/*
@ -208,6 +209,7 @@ sys_quotactl(struct thread *td, struct quotactl_args *uap)
if ((uap->cmd >> SUBCMDSHIFT) != Q_QUOTAON &&
(uap->cmd >> SUBCMDSHIFT) != Q_QUOTAOFF)
vfs_unbusy(mp);
vfs_rel(mp);
return (error);
}