[Midnightbsd-cvs] src [8087] trunk/sys/fs/deadfs/dead_vnops.c: deadfs VOPs for vop_ioctl and vop_bmap call itself recursively, which is an elaborate way to cause kernel panic.

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Thu Sep 15 18:43:26 EDT 2016 

Revision: 8087
          http://svnweb.midnightbsd.org/src/?rev=8087
Author:   laffer1
Date:     2016-09-15 18:43:25 -0400 (Thu, 15 Sep 2016)
Log Message:
-----------
deadfs VOPs for vop_ioctl and vop_bmap call itself recursively, which is an elaborate way to cause kernel panic. change the vops implementation to return EBADF for a reclaimed vnode.

Modified Paths:
--------------
    trunk/sys/fs/deadfs/dead_vnops.c

Modified: trunk/sys/fs/deadfs/dead_vnops.c
===================================================================
--- trunk/sys/fs/deadfs/dead_vnops.c	2016-09-15 22:42:08 UTC (rev 8086)
+++ trunk/sys/fs/deadfs/dead_vnops.c	2016-09-15 22:43:25 UTC (rev 8087)
@@ -41,8 +41,6 @@
 /*
  * Prototypes for dead operations on vnodes.
  */
-static vop_bmap_t	dead_bmap;
-static vop_ioctl_t	dead_ioctl;
 static vop_lookup_t	dead_lookup;
 static vop_open_t	dead_open;
 static vop_poll_t	dead_poll;
@@ -56,12 +54,12 @@
 
 	.vop_access =		VOP_EBADF,
 	.vop_advlock =		VOP_EBADF,
-	.vop_bmap =		dead_bmap,
+	.vop_bmap =		VOP_EBADF,
 	.vop_create =		VOP_PANIC,
 	.vop_getattr =		VOP_EBADF,
 	.vop_getwritemount =	dead_getwritemount,
 	.vop_inactive =		VOP_NULL,
-	.vop_ioctl =		dead_ioctl,
+	.vop_ioctl =		VOP_EBADF,
 	.vop_link =		VOP_PANIC,
 	.vop_lookup =		dead_lookup,
 	.vop_mkdir =		VOP_PANIC,
@@ -166,43 +164,6 @@
 }
 
 /*
- * Device ioctl operation.
- */
-/* ARGSUSED */
-static int
-dead_ioctl(ap)
-	struct vop_ioctl_args /* {
-		struct vnode *a_vp;
-		u_long  a_command;
-		caddr_t  a_data;
-		int  a_fflag;
-		struct ucred *a_cred;
-		struct proc *a_p;
-	} */ *ap;
-{
-	/* XXX: Doesn't this just recurse back here ? */
-	return (VOP_IOCTL_AP(ap));
-}
-
-/*
- * Wait until the vnode has finished changing state.
- */
-static int
-dead_bmap(ap)
-	struct vop_bmap_args /* {
-		struct vnode *a_vp;
-		daddr_t  a_bn;
-		struct bufobj **a_bop;
-		daddr_t *a_bnp;
-		int *a_runp;
-		int *a_runb;
-	} */ *ap;
-{
-
-	return (VOP_BMAP(ap->a_vp, ap->a_bn, ap->a_bop, ap->a_bnp, ap->a_runp, ap->a_runb));
-}
-
-/*
  * Trivial poll routine that always returns POLLHUP.
  * This is necessary so that a process which is polling a file
  * gets notified when that file is revoke()d.

More information about the Midnightbsd-cvs mailing list