From owner-freebsd-bugs Mon Jul 24 23:40:10 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 1CA6A37BA86
	for ; Mon, 24 Jul 2000 23:40:07 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id XAA83623;
	Mon, 24 Jul 2000 23:40:06 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Date: Mon, 24 Jul 2000 23:40:06 -0700 (PDT)
Message-Id: <200007250640.XAA83623@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc:
From: "Mark W. Krentel"
Subject: Re: kern/19407: Panic running linux binary on ext2fs
Reply-To: "Mark W. Krentel"
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR kern/19407; it has been noted by GNATS.

From: "Mark W. Krentel"
To: bde@zeta.org.au
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: kern/19407: Panic running linux binary on ext2fs
Date: Tue, 25 Jul 2000 02:32:04 -0400 (EDT)

 > I found some of the problems using these hints. There were 2 serious bugs
 > in ext2_readdir(): writing far beyond the end of the cookie buffer, and
 > reading a little beyond the end of the directory buffer.

 Thanks for looking at the PR! I tried the patch, but unfortunately it
 didn't make any difference.

 Are you able to reproduce the bug? I can produce it with just the
 simple readdir program (see below). Readdir prematurely returns NULL
 on both ext2fs and cdrom partitions and thus lists too few files.
 That is, I can produce the bug without even using an ext2fs partition.

 > Overrunning the directory buffer can cause panics and wrong results from
 > readdir(3) even for native binaries, but this problem doesn't usually occur
 > for native binaries because they use an adequate buffer size (4K). Linux
 > binaries trigger the bug by using a too-small buffer size (512 bytes).

 What buffers?
 Are they something a user program has control over, or are they
 buried within library routines?

 I tried bypassing readdir by using open and read on the directory.
 I wrote a simple hex dump program and compiled it in RH 6.1. But
 Linux wouldn't run it; read on a directory returned EISDIR (Is a
 directory). Ironically, the Linuxulator did run the program, and
 read returned the entire directory. So, I guess that narrows the
 problem to something in the readdir library between the levels of
 read and readdir.

 When 4.1 is released, I plan to cvsup to 4.1-R and redo these tests
 more thoroughly. Maybe your patch is enough to prevent the panic,
 and maybe the readdir problem is a separate bug. I'll let you know.

 --Mark

 ----------

 /*
  *  List directory contents with opendir and readdir.
  *  Basically the same as "ls -1af".
  */

 #include <stdio.h>
 #include <stdlib.h>
 #include <dirent.h>

 /* Print an error message and exit with a failure status. */
 void my_err(char *mesg)
 {
     printf("Error: %s\n", mesg);
     exit(1);
 }

 int main(int argc, char **argv)
 {
     DIR  *dp;
     struct dirent  *de;
     int  n;

     if ( argc < 2 )
         my_err("missing directory");

     if ( (dp = opendir(argv[1])) == NULL )
         my_err("unable to open directory");

     /* Count entries until readdir reports end of directory. */
     n = 0;
     while ( (de = readdir(dp)) != NULL ) {
         printf("%s\n", de->d_name);
         n++;
     }
     printf("Total: %d files\n", n);

     return 0;
 }
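
 The two bounds checks named in the quoted analysis (a full cookie
 array, and a record that runs past the directory buffer), shown as an
 added user-space illustration. It is not part of the original message
 or of the FreeBSD patch; walk_dirents, resume and both sample buffers
 are hypothetical names, and it assumes the standard ext2 on-disk record
 layout (32-bit inode, 16-bit rec_len, 8-bit name_len, 8-bit file_type,
 then the name).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DIRENT_HDR 8  /* inode(4) + rec_len(2) + name_len(1) + file_type(1) */

/* Constructed sample: entries "." (inode 2) and "a" (inode 11), rec_len 12 each. */
static const uint8_t sample_dir[24] = {
    2,  0, 0, 0, 12, 0, 1, 2, '.', 0, 0, 0,
    11, 0, 0, 0, 12, 0, 1, 1, 'a', 0, 0, 0,
};
/* Constructed malformed record: rec_len (32) points past the 12-byte buffer. */
static const uint8_t bad_dir[12] = { 2, 0, 0, 0, 32, 0, 1, 2, '.', 0, 0, 0 };

/*
 * Walk the records in buf[0..len) and store the offset following each live
 * entry (its "cookie") in cookies[0..ncookies).  Returns the number stored,
 * or -1 on a malformed record.  *resume is the offset where the walk stopped,
 * so a caller with a small buffer or cookie array can continue from there.
 */
int walk_dirents(const uint8_t *buf, size_t len,
                 uint32_t *cookies, size_t ncookies, size_t *resume)
{
    size_t off = 0, n = 0;
    while (off < len) {
        *resume = off;
        if (len - off < DIRENT_HDR)   /* header must fit before fields are read */
            return -1;
        size_t reclen = buf[off + 4] | ((size_t)buf[off + 5] << 8);
        size_t namelen = buf[off + 6];
        /* rec_len must cover header + name, be 4-byte aligned, and stay in buf */
        if (reclen < DIRENT_HDR + namelen || (reclen & 3) != 0 || reclen > len - off)
            return -1;
        if ((buf[off] | buf[off + 1] | buf[off + 2] | buf[off + 3]) != 0) {
            if (n == ncookies)        /* cookie array full: stop, never overrun */
                return (int)n;
            cookies[n++] = (uint32_t)(off + reclen);
        }                             /* inode 0 is an unused slot: no cookie */
        off += reclen;
    }
    *resume = off;
    return (int)n;
}

int main(void)
{
    uint32_t ck[4];
    size_t at;
    int ok = walk_dirents(sample_dir, sizeof sample_dir, ck, 4, &at);
    int bad = walk_dirents(bad_dir, sizeof bad_dir, ck, 4, &at);
    printf("sample: %d entries, malformed: %d\n", ok, bad);
    return 0;
}
```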