tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Problem in msdosfs_moutfs

     We have a function that mount/umounts a file system a part of a sanity

check.  When the operation is done rapidly(you really don’t want to know) it

uncovers a problem with mounting a raw device with a block size less than

1KiB (size of the on disk data structure).  The code always reads a block

(pmp->pm_BytesPerSec), the problem comes when the buffer is the last one

in a page, and the following page is not mapped.  The code reads beyond the

512 bytes in the original read, causing a seg fault in our case.  I don’t

understand why the code doesn’t insure the read to be minimum of the

structure being read from the device.

     I tried to send this once before, but appear to have mucked it up.  For

now we have a working fix/

     Discussed the change with Matt, resulting in the following diff:


/*     $NetBSD: msdosfs_vfsops.c,v 2009/02/08 19:10:44 snj Exp $     */

@@ -783,14 +784,15 @@


        if (pmp->pm_fsinfo) {

                struct fsinfo *fp;


+               const int rdsz = roundup(sizeof(struct fsinfo),

+                                        pmp->pm_BytesPerSec);


                 * XXX  If the fsinfo block is stored on media with

                 *      2KB or larger sectors, is the fsinfo structure

                 *      padded at the end or in the middle?


                if ((error = bread(devvp, de_bn2kb(pmp, pmp->pm_fsinfo),

-                   pmp->pm_BytesPerSec, NOCRED, 0, &bp)) != 0)

+                   rdsz, NOCRED, 0, &bp)) != 0)

                        goto error_exit;

                fp = (struct fsinfo *)bp->b_data;

                if (!memcmp(fp->fsisig1, "RRaA", 4)




Home | Main Index | Thread Index | Old Index