7656 unlinking directory on tmpfs can cause kernel panic
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Rich Lowe <richlowe@richlowe.net>
Reviewed by: Vitaliy Gusev <vgusev@racktopsystems.com>

*** 1101,1114 ****
ASSERT(tp);
rw_enter(&parent->tn_rwlock, RW_WRITER);
rw_enter(&tp->tn_rwlock, RW_WRITER);
! if (tp->tn_type != VDIR ||
! (error = secpolicy_fs_linkdir(cred, dvp->v_vfsp)) == 0)
! error = tdirdelete(parent, tp, nm, tp->tn_type == VDIR ?
! DR_RMDIR : DR_REMOVE, cred);
rw_exit(&tp->tn_rwlock);
rw_exit(&parent->tn_rwlock);
vnevent_remove(TNTOV(tp), dvp, nm, ct);
tmpnode_rele(tp);
--- 1101,1112 ----
ASSERT(tp);
rw_enter(&parent->tn_rwlock, RW_WRITER);
rw_enter(&tp->tn_rwlock, RW_WRITER);
! error = tp->tn_type == VDIR ? EPERM :
! tdirdelete(parent, tp, nm, DR_REMOVE, cred);
rw_exit(&tp->tn_rwlock);
rw_exit(&parent->tn_rwlock);
vnevent_remove(TNTOV(tp), dvp, nm, ct);
tmpnode_rele(tp);
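Review bot: `vnevent_remove(TNTOV(tp), dvp, nm, ct);` still runs after the locks are dropped whatever `error` holds, so the new `EPERM` result for a directory appears to fire a remove event for a name that was not removed. Since every unlink of a directory now takes that error path, consider `if (error == 0) vnevent_remove(TNTOV(tp), dvp, nm, ct);`, provided nothing outside the hunk relies on the unconditional call. The conditional expression would also benefit from a one-line comment such as `/* unlink(2) of a directory is refused on tmpfs regardless of privilege */`. The function starts and ends outside this hunk.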
*** 1139,1150 ****
srcvp = realvp;
parent = (struct tmpnode *)VTOTN(dvp);
from = (struct tmpnode *)VTOTN(srcvp);
! if ((srcvp->v_type == VDIR &&
! secpolicy_fs_linkdir(cred, dvp->v_vfsp)) ||
(from->tn_uid != crgetuid(cred) && secpolicy_basic_link(cred)))
return (EPERM);
/*
* Make sure link for extended attributes is valid
--- 1137,1147 ----
srcvp = realvp;
parent = (struct tmpnode *)VTOTN(dvp);
from = (struct tmpnode *)VTOTN(srcvp);
! if (srcvp->v_type == VDIR ||
(from->tn_uid != crgetuid(cred) && secpolicy_basic_link(cred)))
return (EPERM);
/*
* Make sure link for extended attributes is valid
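Review bot: The directory test in the new condition no longer consults `secpolicy_fs_linkdir()`, so a caller who could previously hard-link a directory by passing that policy check now gets `EPERM`, and nothing in the hunk says this is deliberate. A comment above the `if` would record it, for example `/* Directories can never be hard-linked on tmpfs, whatever the caller's privileges. */`. If the policy call also produced a privilege-use audit or debug record, that record is no longer generated for these attempts, which may be worth stating in the commit message. The enclosing function begins and ends outside this hunk.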