From: "fanch \(via DragonFly issue tracker\)" <sinknull@xxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 23 Oct 2010 18:14:08 +0000

New submission from fanch <fanch@kekpar.net>:

In devfs_rules.c, struct "devfs_rule_ioctl" member "rule_type" is tested as an integer, but is a bitmask. So when both DEVFS_RULE_NAME and DEVFS_RULE_JAIL are set, the member "name" in the newly created devfs_rule is set to NULL. Later, devfs_rule_checkname() is called, and the kernel will panic in devfs_resolve_name_path().

See diff for a partial correction (len==0 and invalid name or linkname pointers need to be handled elsewhere).

By the way, /dev/rc.d/devfs seems to be called too early in the boot process: it does nothing. But calling it later (manually) works.

----------
files: devfs_rules.c.diff
messages: 9161
nosy: fanch
priority: bug
status: unread
title: Panic when mounting a jailed devfs with jail devfs.conf entries

_____________________________________________________
DragonFly issue tracker <bugs@lists.dragonflybsd.org>
<http://bugs.dragonflybsd.org/issue1885>
_____________________________________________________

Attachment:
devfs_rules.c.diff
Description: Binary data
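
The bug class described in the report above, as an added user-space example; it is not the DragonFly source and not the attached diff. The flag names are from the report, while the flag values, the two simplified structs and the functions `dup_name`, `build_rule_eq`, `build_rule_mask` and `rule_checkname` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Flag names come from the report; the numeric values are assumed here. */
#define DEVFS_RULE_NAME 0x01
#define DEVFS_RULE_JAIL 0x08
/* Hypothetical, simplified stand-ins for devfs_rule_ioctl and devfs_rule. */
struct rule_req { unsigned long rule_type; const char *name; };
struct rule     { unsigned long rule_type; char *name; };
/* Heap copy of a string; NULL on NULL input or allocation failure. */
static char *dup_name(const char *s)
{
    char *p = s ? malloc(strlen(s) + 1) : NULL;
    if (p != NULL) strcpy(p, s);
    return p;
}

/* Pattern from the report: the bitmask is compared as a plain integer. */
static struct rule build_rule_eq(const struct rule_req *req)
{
    struct rule r = { req->rule_type, NULL };
    if (req->rule_type == DEVFS_RULE_NAME)  /* false once JAIL is also set */
        r.name = dup_name(req->name);
    return r;
}

/* Bitmask test: the name is copied whenever the NAME bit is present. */
static struct rule build_rule_mask(const struct rule_req *req)
{
    struct rule r = { req->rule_type, NULL };
    if (req->rule_type & DEVFS_RULE_NAME)
        r.name = dup_name(req->name);
    return r;
}

/* Guarded consumer: 1 = match, 0 = no match, -1 = NAME bit set but no name. */
static int rule_checkname(const struct rule *r, const char *devname)
{
    if (!(r->rule_type & DEVFS_RULE_NAME)) return 0;
    if (r->name == NULL || devname == NULL) return -1;  /* refuse to dereference */
    return strcmp(r->name, devname) == 0;
}

int main(void)
{
    struct rule_req req = { DEVFS_RULE_NAME | DEVFS_RULE_JAIL, "null" }; /* constructed input */
    struct rule bad = build_rule_eq(&req), ok = build_rule_mask(&req);
    printf("eq path: %d, mask path: %d\n", rule_checkname(&bad, "null"), rule_checkname(&ok, "null"));
    free(ok.name);
}
```

The guard in `rule_checkname` models the second half of the report: even with the flag test corrected, a consumer that trusts the NAME bit without checking the pointer still depends on every producer getting it right.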