Subject: kern/2923: mkdir on MSDOS filesystem causes vm fault panic
To: None <gnats-bugs@gnats.netbsd.org>
From: Dave Huang <khym@bga.com>
List: netbsd-bugs
Date: 11/08/1996 01:05:09
>Number: 2923
>Category: kern
>Synopsis: mkdir on MSDOS filesystem causes vm fault panic
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Nov 7 23:20:00 1996
>Last-Modified:
>Originator: Dave Huang
>Organization:
Name: Dave Huang | Mammal, mammal / their names are called /
INet: khym@bga.com | they raise a paw / the bat, the cat /
FurryMUCK: Dahan | dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 20 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++
>Release: November 7, 1996
>Environment:
System: NetBSD host4.alterity.com 1.2B NetBSD 1.2B (SPIFF) #62: Fri Nov 8 00:54:30 CST 1996 khym@host4.alterity.com:/usr/src/sys/arch/i386/compile/SPIFF i386
>Description:
Creating a directory on an msdos filesystem will cause the kernel to
crash with a vm_fault. This is because in msdosfs_mkdir(), the new
directory entry is cleared out with bzero(), then DETIMES() is called
on it to set the create/modification/access times. However, DETIMES()
dereferences de_pmp, which hasn't been initialized yet, causing a
dereference of a null pointer.
>How-To-Repeat:
Run mkdir on an msdos filesystem.
>Fix:
This seems to work for me :)
--- /usr/src/sys/msdosfs/msdosfs_vnops.c Mon Oct 14 11:42:31 1996
+++ msdosfs_vnops.c Fri Nov 8 00:54:02 1996
@@ -1229,6 +1229,7 @@
bzero(&ndirent, sizeof(ndirent));
ndirent.de_flag = DE_ACCESS | DE_CREATE | DE_UPDATE;
+ ndirent.de_pmp = pmp;
TIMEVAL_TO_TIMESPEC(&time, &ts);
DETIMES(&ndirent, &ts, &ts, &ts);
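Review bot: The added `ndirent.de_pmp = pmp;` carries no comment explaining why a scratch entry that was just cleared with bzero() needs its mount pointer, so the ordering requirement (the assignment must stay ahead of the DETIMES() call two lines below it) is easy to break in a later edit. Suggest a one-line comment above the assignment noting that DETIMES() dereferences de_pmp. The hunk also does not show where `pmp` is assigned, so confirm it is set before this point in msdosfs_mkdir().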
>Audit-Trail:
>Unformatted:
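The failure described in the report, as a small user-space model (an added example, not code from the report or from NetBSD). All type and function names are hypothetical, and the reason the helper reads the mount structure, a per-mount option flag, is an assumption; the helper returns an error where the kernel macro would fault.

```c
/* Simplified model of the reported failure. Every type and name here is a
 * hypothetical stand-in, not a NetBSD msdosfs definition. */
#include <stdio.h>
#include <string.h>

enum { M_ACCESS = 1, M_CREATE = 2, M_UPDATE = 4 };

struct mount_model { int no_ext_times; };  /* assumed per-mount option */

struct dirent_model {
    int flag;
    long mtime, atime, ctime;
    struct mount_model *pmp;               /* back pointer, in the role of de_pmp */
};

/* Checked stand-in for a DETIMES-style helper: it reads per-mount state, so
 * it rejects a NULL back pointer instead of dereferencing it. */
static int stamp_times(struct dirent_model *de, long now)
{
    if (de->pmp == NULL)
        return -1;                         /* the unchecked macro would fault here */
    if (de->flag & M_UPDATE)
        de->mtime = now;
    if (!de->pmp->no_ext_times) {
        if (de->flag & M_ACCESS) de->atime = now;
        if (de->flag & M_CREATE) de->ctime = now;
    }
    de->flag &= ~(M_ACCESS | M_CREATE | M_UPDATE);
    return 0;
}

/* Mirrors the mkdir sequence: zero the scratch entry, set the flags,
 * optionally set the back pointer (the one-line fix), then stamp times. */
static int make_entry(struct mount_model *mnt, int apply_fix, long now,
                      struct dirent_model *out)
{
    memset(out, 0, sizeof(*out));          /* leaves out->pmp NULL */
    out->flag = M_ACCESS | M_CREATE | M_UPDATE;
    if (apply_fix)
        out->pmp = mnt;
    return stamp_times(out, now);
}

int main(void)
{
    struct mount_model mnt = { 0 };
    struct dirent_model de;
    printf("without fix: %d\n", make_entry(&mnt, 0, 100, &de));
    printf("with fix:    %d\n", make_entry(&mnt, 1, 100, &de));
    return 0;
}
```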