Subject: kern/3786: adosfs silently aborts a readdir() on a corrupted directory
To: None <gnats-bugs@gnats.netbsd.org>
From: Michael van Elst <mlelstv@serpens.swb.de>
List: netbsd-bugs
Date: 06/24/1997 22:46:04
>Number: 3786
>Category: kern
>Synopsis: adosfs silently aborts a readdir() on a corrupted directory
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Tue Jun 24 14:05:01 1997
>Last-Modified:
>Originator: Michael van Elst
>Organization:
dis-
>Release: NetBSD-current 20 June 1997
>Environment:
Amiga A3000/060, NetBSD-current, adosfs
System: NetBSD lemming 1.2G NetBSD 1.2G (LEMMING) #10: Sun Jun 22 21:26:36 MEST 1997 root@lemming:/usr/src/sys/arch/amiga/compile/LEMMING amiga
>Description:
adosfs_readdir traverses a directory hash table and associated
hash chains. When encountering an invalid meta block then adosfs_vget()
returns an error and the readdir loop is aborted. No data is
returned by readdir().
As a result it is possible and likely that a directory is listed
as empty (ls doesn't even show an error, maybe a ls or fts bug ?)
but files and directories in this corrupted directory can still
be accessed.
>How-To-Repeat:
create a corrupted adosfs partition and see an empty directory
when doing an ls of the corrupted directory.
>Fix:
Apply the following change to advnops.c:
751,761c751,756
< if (error) {
< if (error != EINVAL)
< goto reterr;
< ap = NULL;
< nextbn = 0;
< } else {
< ap = VTOA(vp);
< scanned++;
< chainc++;
< nextbn = ap->hashf;
< }
---
> if (error)
> goto reterr;
> ap = VTOA(vp);
> scanned++;
> chainc++;
> nextbn = ap->hashf;
785d779
<
This basically aborts following a corrupted hash chain and
continues with further hash entries.
BUG: the error condition is not passed to userland, however
a DIAGNOSTIC is usually generated by lower level code.
>Audit-Trail:
>Unformatted: