Subject: kern/2923: mkdir on MSDOS filesystem causes vm fault panic
To: None <gnats-bugs@gnats.netbsd.org>
From: Dave Huang <khym@bga.com>
List: netbsd-bugs
Date: 11/08/1996 01:05:09
>Number:         2923
>Category:       kern
>Synopsis:       mkdir on MSDOS filesystem causes vm fault panic
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Nov  7 23:20:00 1996
>Last-Modified:
>Originator:     Dave Huang
>Organization:
Name: Dave Huang     |   Mammal, mammal / their names are called /
INet: khym@bga.com   |   they raise a paw / the bat, the cat /
FurryMUCK: Dahan     |   dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 20 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++
>Release:        November 7, 1996
>Environment:
System: NetBSD host4.alterity.com 1.2B NetBSD 1.2B (SPIFF) #62: Fri Nov 8 00:54:30 CST 1996 khym@host4.alterity.com:/usr/src/sys/arch/i386/compile/SPIFF i386


>Description:
Creating a directory on a msdos filesystem will cause the kernel to
crash with a vm_fault. This is because in msdosfs_mkdir(), the new
directory entry is cleared out with bzero(), then DETIMES() is called
on it to set the create/modification/access times. However, DETIMES()
dereferences de_pmp, which hasn't been initialized yet, causing a
dereference of a null pointer.

>How-To-Repeat:
Run mkdir on a msdos filesystem.
>Fix:
This seems to work for me :)

--- /usr/src/sys/msdosfs/msdosfs_vnops.c	Mon Oct 14 11:42:31 1996
+++ msdosfs_vnops.c	Fri Nov  8 00:54:02 1996
@@ -1229,6 +1229,7 @@
 
 	bzero(&ndirent, sizeof(ndirent));
 	ndirent.de_flag = DE_ACCESS | DE_CREATE | DE_UPDATE;
+	ndirent.de_pmp = pmp;
 	TIMEVAL_TO_TIMESPEC(&time, &ts);
 	DETIMES(&ndirent, &ts, &ts, &ts);
 	
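Review bot: The added `ndirent.de_pmp = pmp;` line has no comment saying that the DETIMES() call two lines below depends on it, so a later reorder or cleanup could bring the null dereference back. Add a one-line comment, or move the assignment directly under the bzero() so the entry is fully set up before any macro touches it. The hunk does not show where pmp is assigned, so confirm it is already valid at this point in msdosfs_mkdir(). Because the fault comes from DETIMES() being handed a zeroed entry, it is also worth checking any other place that clears a directory entry with bzero() and then calls DETIMES() on it.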

>Audit-Trail:
>Unformatted: