
Re: [UNIKRAFT PATCH 1/5] lib/vfscore: Fix bug where newdp is freed before initialization



Hi Vlad, looks good, thanks.

Reviewed-by: Felipe Huici <felipe.huici@xxxxxxxxx>

On Sat, Nov 21, 2020 at 4:08 PM Vlad-Andrei Badoiu <vlad_andrei.badoiu@xxxxxx> wrote:
When vp->v_type == VDIR we jump to out where newdp is freed
via the drele call but newdp has yet to be initialized. We
solve this by checking the output of namei first.
---
 lib/vfscore/syscalls.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/vfscore/syscalls.c b/lib/vfscore/syscalls.c
index ce512742..c5481905 100644
--- a/lib/vfscore/syscalls.c
+++ b/lib/vfscore/syscalls.c
@@ -940,17 +940,17 @@ sys_link(char *oldpath, char *newpath)
        vp = olddp->d_vnode;
        vn_lock(vp);

-       if (vp->v_type == VDIR) {
-               error = EPERM;
-               goto out;
-       }
-
        /* If newpath exists, it shouldn't be overwritten */
        if (!namei(newpath, &newdp)) {
                error = EEXIST;
                goto out;
        }

+       if (vp->v_type == VDIR) {
+               error = EPERM;
+               goto out;
+       }
+
        /* Get pointer to the parent dentry of newpath */
        if ((error = lookup(newpath, &newdirdp, &name)) != 0)
                goto out;
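Review bot: The moved VDIR check still reaches `goto out` with newdp in whatever state a failed namei() left it, and nothing in this hunk shows that state is safe to pass to drele. After the reorder the VDIR branch only runs when namei(newpath, &newdp) returned non-zero, so the fix holds only if namei() leaves newdp untouched or NULL on failure and newdp has a defined initial value. Initializing newdp to NULL at its declaration, with the out path releasing it only when non-NULL, would make every `goto out` safe regardless of ordering. It would also let the EPERM check stay first: with the new order, linking a directory onto an existing newpath returns EEXIST instead of EPERM and costs a path lookup before the type check. If that change in error precedence is intended, the commit message should say so.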
--
2.27.0



 

