diff options
author | kib <kib@FreeBSD.org> | 2012-11-02 13:56:36 +0000 |
---|---|---|
committer | kib <kib@FreeBSD.org> | 2012-11-02 13:56:36 +0000 |
commit | f16ea990070abd8c9cb42bfc7001ada604b4df01 (patch) | |
tree | 77eb9f8e9de108d0ae7792cfceedcd340198177e /sys/kern/kern_exec.c | |
parent | 37f3bd87e4ec81bcec505485b1cf96c74db846f0 (diff) | |
download | FreeBSD-src-f16ea990070abd8c9cb42bfc7001ada604b4df01.zip FreeBSD-src-f16ea990070abd8c9cb42bfc7001ada604b4df01.tar.gz |
The r241025 fixed the case when a binary, executed from nullfs mount,
was still possible to open for write from the lower filesystem. There
is a symmetric situation where the binary could already has file
descriptors opened for write, but it can be executed from the nullfs
overlay.
Handle the issue by passing one v_writecount reference to the lower
vnode if nullfs vnode has non-zero v_writecount. Note that only one
write reference can be donated, since nullfs only keeps one use
reference on the lower vnode. Always use the lower vnode v_writecount
for the checks.
Introduce the VOP_GET_WRITECOUNT to read v_writecount, which is
currently always bypassed to the lower vnode, and VOP_ADD_WRITECOUNT
to manipulate the v_writecount value, which manages a single bypass
reference to the lower vnode. Caling the VOPs instead of directly
accessing v_writecount provide the fix described in the previous
paragraph.
Tested by: pho
MFC after: 3 weeks
Diffstat (limited to 'sys/kern/kern_exec.c')
-rw-r--r-- | sys/kern/kern_exec.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index 0970562..a37b9f1 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -1376,7 +1376,7 @@ exec_check_permissions(imgp) struct vnode *vp = imgp->vp; struct vattr *attr = imgp->attr; struct thread *td; - int error; + int error, writecount; td = curthread; @@ -1421,7 +1421,10 @@ exec_check_permissions(imgp) * Check number of open-for-writes on the file and deny execution * if there are any. */ - if (vp->v_writecount) + error = VOP_GET_WRITECOUNT(vp, &writecount); + if (error != 0) + return (error); + if (writecount != 0) return (ETXTBSY); /* |