git: 6ff3e8a3165e - main - cache: add a comment about a realpath bug

From: Mateusz Guzik <mjg_at_FreeBSD.org>
Date: Sat, 19 Mar 2022 15:11:46 UTC
The branch main has been updated by mjg:

URL: https://cgit.FreeBSD.org/src/commit/?id=6ff3e8a3165ea580c184cfad8ebd7cffc17b0271

commit 6ff3e8a3165ea580c184cfad8ebd7cffc17b0271
Author:     Mateusz Guzik <mjg@FreeBSD.org>
AuthorDate: 2022-03-19 15:11:25 +0000
Commit:     Mateusz Guzik <mjg@FreeBSD.org>
CommitDate: 2022-03-19 15:11:25 +0000

    cache: add a comment about a realpath bug
---
 sys/kern/vfs_cache.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/sys/kern/vfs_cache.c b/sys/kern/vfs_cache.c
index 13c84791583e..147d3075dfac 100644
--- a/sys/kern/vfs_cache.c
+++ b/sys/kern/vfs_cache.c
@@ -3119,6 +3119,17 @@ vn_getcwd(char *buf, char **retbuf, size_t *buflen)
 	return (error);
 }
 
+/*
+ * Canonicalize a path by walking it forward and back.
+ *
+ * BUGS:
+ * - Nothing guarantees the integrity of the entire chain. Consider the case
+ *   where the path "foo/bar/baz/qux" is passed, but "bar" is moved out of
+ *   "foo" into "quux" during the backwards walk. The result will be
+ *   "quux/bar/baz/qux", which could not have been obtained by an incremental
+ *   walk in userspace. Moreover, the path we return is inaccessible if the
+ *   calling thread lacks permission to traverse "quux".
+ */
 static int
 kern___realpathat(struct thread *td, int fd, const char *path, char *buf,
     size_t size, int flags, enum uio_seg pathseg)
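Review bot: The BUGS entry added above kern___realpathat describes the rename race but does not spell out what it means for consumers of the result. I would add one sentence to the comment, for example `The result is only a snapshot: it must not be used as the basis for an access decision, and it may reveal the name of a directory ("quux") the caller cannot traverse.`, so that the disclosure aspect is stated rather than implied by the last sentence. The body of kern___realpathat lies outside this hunk, so whether any revalidation happens after the backwards walk cannot be judged from here.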