Subject: kern/1084: whiteout bug in UFS can truncate your directories
To: None <gnats-admin@sun-lamp.cs.berkeley.edu>
From: John Kohl <jtk@kolvir.blrc.ma.us>
List: netbsd-bugs
Date: 05/29/1995 23:35:06
>Number:         1084
>Category:       kern
>Synopsis:       use of whiteouts can cause directories to be erroneously truncated
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon May 29 23:35:05 1995
>Originator:     John Kohl
>Organization:
NetBSD Kernel Hackers `R` Us
>Release:        -current as of about May 20th
>Environment:
	
System: NetBSD kolvir 1.0A NetBSD 1.0A (KOLVIR) #398: Mon May 29 22:38:06 EDT 1995 jtk@kolvir:/u1/NetBSD-current/src/sys/arch/i386/compile/KOLVIR i386


>Description:

Using the union FS can lead to loss of upper-layer file system entries
in UFS.

>How-To-Repeat:

Mount a union FS.  Create enough local entries to get more than one file
system block's worth of dirents.  Rename the first "local" entry in the
directory to some longer name, then rename it back.  Watch your
directory get truncated [see the bottom of ufs_direnter2()].  Get very
very pissed off, calm down, and then run FSCK manually to clean up.

>Fix:

===================================================================
RCS file: RCS/ufs_lookup.c,v
retrieving revision 1.1
diff -c -r1.1 ufs_lookup.c
*** ufs_lookup.c	1995/05/30 02:28:51	1.1
--- ufs_lookup.c	1995/05/30 02:28:57
***************
*** 337,343 ****
  					slotoffset = dp->i_offset;
  					slotsize = ep->d_reclen;
  					dp->i_reclen = slotsize;
! 					enduseful = slotoffset + slotsize;
  					ap->a_cnp->cn_flags |= ISWHITEOUT;
  					numdirpasses--;
  					goto notfound;
--- 337,347 ----
  					slotoffset = dp->i_offset;
  					slotsize = ep->d_reclen;
  					dp->i_reclen = slotsize;
! 					/* enduseful must point to beyond
! 					   the last in-use dirent in this
! 					   directory, NOT to the end of this
! 					   slot! */
! 					enduseful = endsearch;
  					ap->a_cnp->cn_flags |= ISWHITEOUT;
  					numdirpasses--;
  					goto notfound;
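Review bot: At the new `enduseful = endsearch;` assignment, the comment promises an offset beyond the last in-use dirent in the directory, but `endsearch` is the bound of the current search, and the `numdirpasses--` two lines below suggests the lookup can run in more than one pass. The hunk does not show where `endsearch` is set, so please confirm it equals the end of the directory on every pass that can reach this whiteout branch. If a later pass narrows it, the truncation cited at the bottom of ufs_direnter2() could still cut off live entries, and the value should be derived from the directory size instead. The comment would also be more useful if it said why the end of the slot is wrong here (entries after the whiteout slot may still be in use), so the old assignment is not reintroduced later.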


p.s. Charles, please excuse the cc:; I know lamp is not working and
won't see this bug report.  It's serious enough that I think you should
see it >now<.
>Audit-Trail:
>Unformatted: