Project

General

Profile

Actions

Bug #1885

closed

Panic when mounting a jailed devfs with jail devfs.conf entries

Added by fanch about 14 years ago. Updated almost 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

In devfs_rules.c, struct "devfs_rule_ioctl" member "rule_type" is tested as an
integer, but is a bitmask. So when both DEVFS_RULE_NAME and DEVFS_RULE_JAIL are
set, the member "name" in newly created devfs_rule is set to NULL.

Later, devfs_rule_checkname() is called, and the kernel will panic in
devfs_resolve_name_path().

See diff for a partial correction (len==0 and invalid name or linkname pointers
need to be handled elsewhere).

By the way, /dev/rc.d/devfs seems to be called too early in the boot process:
it does nothing. But calling it later (manually) works.


Files

devfs_rules.c.diff (357 Bytes) devfs_rules.c.diff fanch, 10/23/2010 06:14 PM
Actions

Also available in: Atom PDF