From owner-freebsd-bugs  Sun Apr  9 09:10:02 1995
Return-Path: bugs-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id JAA25770
          for bugs-outgoing; Sun, 9 Apr 1995 09:10:02 -0700
Received: (from gnats@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id JAA25763
          ; Sun, 9 Apr 1995 09:10:01 -0700
Date: Sun, 9 Apr 1995 09:10:01 -0700
Message-Id: <199504091610.JAA25763@freefall.cdrom.com>
From: pritc003@maroon.tc.umn.edu
Reply-To: pritc003@maroon.tc.umn.edu
To: freebsd-bugs
Subject: kern/312: link system call on msdos filesystem causes panic
In-Reply-To: Your message of Sun, 9 Apr 1995 11:01:57 -0500
	<199504091601.LAA00372@mpp.com>
Sender: bugs-owner@FreeBSD.org
Precedence: bulk


>Number:         312
>Category:       kern
>Synopsis:       link system call on msdos filesystem causes panic
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs (FreeBSD bugs mailing list)
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr  9 09:10:01 1995
>Originator:     Mike Pritchard
>Organization:
>Release:        FreeBSD 2.1.0-Development i386
>Environment:

>Description:

If a program does a link("file1", "file2") system call followed by an 
unlink("file1") system call on a msdos file system, the system will 
panic with the following message:

panic: msdosfs_lock: locking against myself

This is because the msdosfs link code does not vput the vnode like
it should before returning.  The link code should also return an
error to the user so that the calling program doesn't accidently 
destroy the file it was attempting to link, thinking that the
link() call actually worked.

>How-To-Repeat:

Compile and run the following program on a msdos file system:

#include <stdio.h>
#include <fcntl.h>

main()
{
	int	fd;

	if ((fd = open("testfile", O_RDWR | O_CREAT, 0666)) < 0) {
		perror("open");
		exit(1);
	}
	if (link("testfile", "newfile") < 0) {
		perror("link");
		exit(1);
	}
	if (unlink("testfile") < 0) {
		perror("unlink");
		exit(1);
	}
	close(fd);
}


>Fix:
	
The attached fix corrects the msdosfs_link() routine to correctly vput 
the vnode before returning, and return an error of EMLINK (too many 
links) to the user.  Feel free to choose another errno if you think
something else is more appropriate.  ENODEV would be my next choice.


*** msdosfs/orig2/msdosfs_vnops.c	Sun Apr  9 10:29:49 1995
--- msdosfs/msdosfs_vnops.c	Sun Apr  9 10:34:30 1995
***************
*** 907,913 ****
  		struct componentname *a_cnp;
  	} */ *ap;
  {
! 	return VOP_ABORTOP(ap->a_vp, ap->a_cnp);
  }
  
  /*
--- 907,915 ----
  		struct componentname *a_cnp;
  	} */ *ap;
  {
! 	VOP_ABORTOP(ap->a_vp, ap->a_cnp);
! 	vput(ap->a_vp);
! 	return EMLINK;
  }
  
  /*
>Audit-Trail:
>Unformatted: