Bug #5168
open
uninitialized snapname in zfsctl_snapdir_lookup
Description
http://src.illumos.org/source/xref/illumos-gate/usr/src/uts/common/fs/zfs/zfs_ctldir.c#777
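zfsctl_snapdir_lookup() {
	.
	.
	.
	/*
	 * NOTE(review): declared without an initializer, and no line shown in
	 * this excerpt writes to it. Whatever fills it in presumably sits in
	 * the elided code between the avl_find() block and the domount: label.
	 */
	char snapname[MAXNAMELEN];
	.
	.
	.
	mutex_enter(&sdp->sd_lock);
	search.se_name = (char *)nm;
	if ((sep = avl_find(&sdp->sd_snaps, &search, &where)) != NULL) {
		/* nm already has an entry in sd_snaps: hold its root and traverse. */
		*vpp = sep->se_root;
		VN_HOLD(*vpp);
		err = traverse(vpp);
		if (err != 0) {
			VN_RELE(*vpp);
			*vpp = NULL;
		} else if (*vpp == sep->se_root) {
			/*
			 * The snapshot was unmounted behind our backs,
			 * try to remount it.
			 */
			/*
			 * NOTE(review): this is the path the bug title refers
			 * to. The jump lands directly on domount:, skipping
			 * the elided code after this if-block, so snapname is
			 * still uninitialized stack memory when it is used as
			 * the mount spec below. sd_lock is also still held
			 * here, because the mutex_exit() below is skipped.
			 * A fix has to build snapname before control can reach
			 * domount: on this path as well.
			 */
			goto domount;
		} else {
			/*
			 * VROOT was set during the traverse call. We need
			 * to clear it since we're pretending to be part
			 * of our parent's vfs.
			 */
			(*vpp)->v_flag &= ~VROOT;
		}
		mutex_exit(&sdp->sd_lock);
		ZFS_EXIT(zfsvfs);
		return (err);
	}
	.
	.
	.
domount:
	/*
	 * Room for "<parent mountpoint>/.zfs/snapshot/<nm>" plus the
	 * terminating NUL; the same length bounds the snprintf() and is
	 * handed back to kmem_free().
	 */
	mountpoint_len = strlen(refstr_value(dvp->v_vfsp->vfs_mntpt)) +
	    strlen("/.zfs/snapshot/") + strlen(nm) + 1;
	mountpoint = kmem_alloc(mountpoint_len, KM_SLEEP);
	(void) snprintf(mountpoint, mountpoint_len, "%s/.zfs/snapshot/%s",
	    refstr_value(dvp->v_vfsp->vfs_mntpt), nm);
	/*
	 * NOTE(review): snapname is passed to domount() as the spec string.
	 * When this point is reached through the goto above, its contents are
	 * indeterminate: the bytes are leftover kernel stack data and are not
	 * guaranteed to contain a NUL within MAXNAMELEN, so the remount is
	 * attempted against an unpredictable dataset name.
	 */
	margs.spec = snapname;
	margs.dir = mountpoint;
	margs.flags = MS_SYSSPACE | MS_NOMNTTAB;
	margs.fstype = "zfs";
	margs.dataptr = NULL;
	margs.datalen = 0;
	margs.optptr = NULL;
	margs.optlen = 0;
	err = domount("zfs", &margs, *vpp, kcred, &vfsp);
	kmem_free(mountpoint, mountpoint_len);
	.
	.
	.
}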