From owner-freebsd-bugs@FreeBSD.ORG  Tue Jun 24 12:50:23 2003
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 002F737B401
	for <freebsd-bugs@hub.freebsd.org>;
	Tue, 24 Jun 2003 12:50:22 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id F332C43FA3
	for <freebsd-bugs@hub.freebsd.org>;
	Tue, 24 Jun 2003 12:50:21 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h5OJoLUp016710
	for <freebsd-bugs@freefall.freebsd.org>;
	Tue, 24 Jun 2003 12:50:21 -0700 (PDT)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h5OJoLgE016709;
	Tue, 24 Jun 2003 12:50:21 -0700 (PDT)
Resent-Date: Tue, 24 Jun 2003 12:50:21 -0700 (PDT)
Resent-Message-Id: <200306241950.h5OJoLgE016709@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	skywizard@MyBSD.org.my
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 37DDB37B404; Tue, 24 Jun 2003 12:47:22 -0700 (PDT)
Received: from TOMOYO.MyBSD.ORG.MY (router.ded2.com [202.157.183.149])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 7189143F93; Tue, 24 Jun 2003 12:47:20 -0700 (PDT)
	(envelope-from skywizard@TOMOYO.MyBSD.ORG.MY)
Received: from TOMOYO.MyBSD.ORG.MY (localhost [127.0.0.1])
	by TOMOYO.MyBSD.ORG.MY (8.12.9/8.12.3) with ESMTP id h5OJnMBe062643;
	Wed, 25 Jun 2003 03:49:22 +0800 (MYT)
	(envelope-from skywizard@TOMOYO.MyBSD.ORG.MY)
Received: (from skywizard@localhost)
	by TOMOYO.MyBSD.ORG.MY (8.12.9/8.12.3/Submit) id h5OJnMH4062642;
	Wed, 25 Jun 2003 03:49:22 +0800 (MYT)
Message-Id: <200306241949.h5OJnMH4062642@TOMOYO.MyBSD.ORG.MY>
Date: Wed, 25 Jun 2003 03:49:22 +0800 (MYT)
From: skywizard@MyBSD.org.my
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
cc: freebsd-fs@FreeBSD.org
cc: freebsd-current@FreeBSD.org
cc: freebsd-stable@FreeBSD.org
Subject: kern/53695: truncate operation on fat32 may corrupt the file system
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: skywizard@MyBSD.org.my
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jun 2003 19:50:23 -0000


>Number:         53695
>Category:       kern
>Synopsis:       truncate operation on fat32 may corrupt the file system
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 24 12:50:19 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Ariff Abdullah
>Release:        FreeBSD 4.7-RELEASE i386
>Organization:
MyBSD
>Environment:
System: 4.7-RELEASE, 5.1-RELEASE (GENERIC)


>Description:
	Truncate operation involving truncate() or ftruncate() on
	FAT32 mounted as msdos either failed or silently corrupting
	the file or even worse, corrupting the neighbour file reiside
	in the same partition/file system.

>How-To-Repeat:
	# cd /to/fat32/partition/
	# dd if=/dev/zero of=XX bs=4099 count=1
	# truncate -s 4097 XX
	truncate: XX: Argument list too long

	errno E2BIG

>Fix:
--- /usr/src/sys/msdosfs/msdosfs_denode.c.orig	Tue Jun 24 06:01:09 2003
+++ /usr/src/sys/msdosfs/msdosfs_denode.c	Tue Jun 24 05:53:41 2003
@@ -501,26 +501,19 @@
 			bn = cntobn(pmp, eofentry);
 			error = bread(pmp->pm_devvp, bn, pmp->pm_bpcluster,
 			    NOCRED, &bp);
-		} else {
-			bn = de_blk(pmp, length);
-			error = bread(DETOV(dep), bn, pmp->pm_bpcluster,
-			    NOCRED, &bp);
-		}
-		if (error) {
-			brelse(bp);
+			if (error) {
+				brelse(bp);
 #ifdef MSDOSFS_DEBUG
-			printf("detrunc(): bread fails %d\n", error);
+				printf("detrunc(): bread fails %d\n", error);
 #endif
-			return (error);
+				return (error);
+			}
+			bzero(bp->b_data + boff, pmp->pm_bpcluster - boff);
+			if (flags & IO_SYNC)
+				bwrite(bp);
+			else
+				bdwrite(bp);
 		}
-		/*
-		 * is this the right place for it?
-		 */
-		bzero(bp->b_data + boff, pmp->pm_bpcluster - boff);
-		if (flags & IO_SYNC)
-			bwrite(bp);
-		else
-			bdwrite(bp);
 	}
 
 	/*


>Release-Note:
>Audit-Trail:
>Unformatted: