mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 12:54:27 +00:00
The symlink implementation could improperly return a NULL vp along with
a 0 error code. The problem occured with NFSv2 mounts and also with any NFSv3 mount returning an EEXIST error (which is translated to 0 prior to return). The reply to the rpc only contains the file handle for the no-error case under NFSv3. The error case under NFSv3 and all cases under NFSv2 do *not* return the file handle. The fix is to do a secondary lookup to obtain the file handle and thus be able to generate a return vnode for the situations where the rpc reply does not contain the required information. The bug was originally introduced when VOP_SYMLINK semantics were changed for -CURRENT. The NFS symlink implementation was not properly modified to go along with the change despite the fact that three people reviewed the code. It took four attempts to get the current fix correct with five people. Is NFS obfuscated? Ha! Reviewed by: Alfred Perlstein <bright@wintelcom.net> Testing and Discussion: "Viren R.Shah" <viren@rstcorp.com>, Eivind Eklund <eivind@FreeBSD.ORG>, Ian Dowse <iedowse@maths.tcd.ie>
This commit is contained in:
parent
ac83689e01
commit
98733bd871
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=53937
|
@ -1805,24 +1805,54 @@ nfs_symlink(ap)
|
|||
txdr_nfsv2time(&vap->va_atime, &sp->sa_atime);
|
||||
txdr_nfsv2time(&vap->va_mtime, &sp->sa_mtime);
|
||||
}
|
||||
|
||||
/*
|
||||
* Issue the NFS request and get the rpc response.
|
||||
*
|
||||
* Only NFSv3 responses returning an error of 0 actually return
|
||||
* a file handle that can be converted into newvp without having
|
||||
* to do an extra lookup rpc.
|
||||
*/
|
||||
nfsm_request(dvp, NFSPROC_SYMLINK, cnp->cn_proc, cnp->cn_cred);
|
||||
if (v3) {
|
||||
if (!error)
|
||||
if (error == 0)
|
||||
nfsm_mtofh(dvp, newvp, v3, gotvp);
|
||||
nfsm_wcc_data(dvp, wccflag);
|
||||
}
|
||||
nfsm_reqdone;
|
||||
|
||||
/*
|
||||
* Kludge: Map EEXIST => 0 assuming that it is a reply to a retry.
|
||||
* out code jumps -> here, mrep is also freed.
|
||||
*/
|
||||
|
||||
nfsm_reqdone;
|
||||
|
||||
/*
|
||||
* If we get an EEXIST error, silently convert it to no-error
|
||||
* in case of an NFS retry.
|
||||
*/
|
||||
if (error == EEXIST)
|
||||
error = 0;
|
||||
|
||||
/*
|
||||
* If we do not have (or no longer have) an error, and we could
|
||||
* not extract the newvp from the response due to the request being
|
||||
* NFSv2 or the error being EEXIST. We have to do a lookup in order
|
||||
* to obtain a newvp to return.
|
||||
*/
|
||||
if (error == 0 && newvp == NULL) {
|
||||
struct nfsnode *np = NULL;
|
||||
|
||||
error = nfs_lookitup(dvp, cnp->cn_nameptr, cnp->cn_namelen,
|
||||
cnp->cn_cred, cnp->cn_proc, &np);
|
||||
if (!error)
|
||||
newvp = NFSTOV(np);
|
||||
}
|
||||
if (error) {
|
||||
if (newvp)
|
||||
vput(newvp);
|
||||
} else
|
||||
} else {
|
||||
*ap->a_vpp = newvp;
|
||||
}
|
||||
VTONFS(dvp)->n_flag |= NMODIFIED;
|
||||
if (!wccflag)
|
||||
VTONFS(dvp)->n_attrstamp = 0;
|
||||
|
|
|
@ -1805,24 +1805,54 @@ nfs_symlink(ap)
|
|||
txdr_nfsv2time(&vap->va_atime, &sp->sa_atime);
|
||||
txdr_nfsv2time(&vap->va_mtime, &sp->sa_mtime);
|
||||
}
|
||||
|
||||
/*
|
||||
* Issue the NFS request and get the rpc response.
|
||||
*
|
||||
* Only NFSv3 responses returning an error of 0 actually return
|
||||
* a file handle that can be converted into newvp without having
|
||||
* to do an extra lookup rpc.
|
||||
*/
|
||||
nfsm_request(dvp, NFSPROC_SYMLINK, cnp->cn_proc, cnp->cn_cred);
|
||||
if (v3) {
|
||||
if (!error)
|
||||
if (error == 0)
|
||||
nfsm_mtofh(dvp, newvp, v3, gotvp);
|
||||
nfsm_wcc_data(dvp, wccflag);
|
||||
}
|
||||
nfsm_reqdone;
|
||||
|
||||
/*
|
||||
* Kludge: Map EEXIST => 0 assuming that it is a reply to a retry.
|
||||
* out code jumps -> here, mrep is also freed.
|
||||
*/
|
||||
|
||||
nfsm_reqdone;
|
||||
|
||||
/*
|
||||
* If we get an EEXIST error, silently convert it to no-error
|
||||
* in case of an NFS retry.
|
||||
*/
|
||||
if (error == EEXIST)
|
||||
error = 0;
|
||||
|
||||
/*
|
||||
* If we do not have (or no longer have) an error, and we could
|
||||
* not extract the newvp from the response due to the request being
|
||||
* NFSv2 or the error being EEXIST. We have to do a lookup in order
|
||||
* to obtain a newvp to return.
|
||||
*/
|
||||
if (error == 0 && newvp == NULL) {
|
||||
struct nfsnode *np = NULL;
|
||||
|
||||
error = nfs_lookitup(dvp, cnp->cn_nameptr, cnp->cn_namelen,
|
||||
cnp->cn_cred, cnp->cn_proc, &np);
|
||||
if (!error)
|
||||
newvp = NFSTOV(np);
|
||||
}
|
||||
if (error) {
|
||||
if (newvp)
|
||||
vput(newvp);
|
||||
} else
|
||||
} else {
|
||||
*ap->a_vpp = newvp;
|
||||
}
|
||||
VTONFS(dvp)->n_flag |= NMODIFIED;
|
||||
if (!wccflag)
|
||||
VTONFS(dvp)->n_attrstamp = 0;
|
||||
|
|
Loading…
Reference in a new issue