From: Bruce Evans
Date: Mon, 14 Aug 2017 15:50:58 +1000 (EST)
Cc: freebsd-bugs@freebsd.org
Subject: Re: [Bug 221501] [msdosfs] panic 11.0-RELEASE by mounting a malformed msdosfs image
Message-ID: <20170814153522.C1020@besplex.bde.org>

On Mon, 14 Aug 2017 a big that doesn't want replies@freebsd.org wrote:

> It is possible to panic 11.0-RELEASE by mounting a malformed msdosfs image.

Did you check it with fsck before mounting? Otherwise the problem is probably uninteresting.

No file system in FreeBSD except possibly zfs does much sanity checking at mount time, so it is trivial to construct images that crash it. msdosfs actually does much more sanity checking than ffs. It checks about 100 bytes where ffs checks about 20. However, msdosfs is missing a check of its dirty flag. This doesn't affect crashing it much, but it affects damaging the file system further. ffs allows read-only mounts of dirty images. msdosfs also allows read-write mounts of dirty images. If you run fsck before mounting, then it should set the dirty flag if it fails. For ffs, this prevents the read-write case from getting very far.

Bruce
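
Added example, not part of the message above and not FreeBSD's msdosfs code: a user-space pre-mount check that validates the boot-sector fields needed to locate the first FAT and then reads the dirty state. It assumes the dirty flag meant is the clean-shutdown bit that the FAT specification keeps in FAT entry 1 on FAT16/FAT32; `fat_premount_check` and `make_sample` are hypothetical names, and the sample image is constructed in memory.

```c
#include <stdint.h>
#include <string.h>

enum fat_state { FAT_INVALID = -1, FAT_CLEAN = 0, FAT_DIRTY = 1 };
static uint32_t le16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t le32(const uint8_t *p) { return le16(p) | le16(p + 2) << 16; }

/* Validate the BPB fields needed to find the first FAT, then read the
 * clean-shutdown bit of FAT entry 1 (set = clean, clear = dirty). */
enum fat_state fat_premount_check(const uint8_t *img, size_t len)
{
    if (len < 512 || img[510] != 0x55 || img[511] != 0xAA)
        return FAT_INVALID;
    uint32_t bps = le16(img + 11), spc = img[13], rsvd = le16(img + 14);
    uint32_t nfats = img[16], rootent = le16(img + 17);
    uint32_t total = le16(img + 19) ? le16(img + 19) : le32(img + 32);
    uint32_t fatsz = le16(img + 22) ? le16(img + 22) : le32(img + 36);
    /* Sizes are later used as divisors: reject zero and non-powers of two. */
    if (bps < 512 || bps > 4096 || (bps & (bps - 1)) || !spc || (spc & (spc - 1)) ||
        !rsvd || !nfats || !fatsz)
        return FAT_INVALID;
    uint64_t meta = rsvd + (uint64_t)nfats * fatsz + (rootent * 32 + bps - 1) / bps;
    if (meta >= total || (uint64_t)total * bps > len)
        return FAT_INVALID;          /* layout does not fit inside the image */
    uint64_t clusters = (total - meta) / spc;
    const uint8_t *fat = img + (size_t)rsvd * bps;
    if (clusters < 4085)
        return FAT_INVALID;          /* FAT12 has no such bit; not handled here */
    if (clusters < 65525)            /* FAT16: bit 15 of entry 1 */
        return (le16(fat + 2) & 0x8000) ? FAT_CLEAN : FAT_DIRTY;
    return (le32(fat + 4) & 0x08000000) ? FAT_CLEAN : FAT_DIRTY;  /* FAT32: bit 27 */
}

/* Constructed sample, not a real image: 4200-sector FAT16 layout in memory. */
static uint8_t sample[4200 * 512];
uint8_t *make_sample(int clean)
{
    memset(sample, 0, sizeof(sample));
    sample[12] = 0x02;                       /* 512 bytes per sector */
    sample[13] = 1; sample[14] = 1; sample[16] = 2; /* spc, reserved, FATs */
    sample[18] = 0x02;                       /* 512 root directory entries */
    sample[19] = 0x68; sample[20] = 0x10;    /* 4200 total sectors */
    sample[22] = 17;                         /* sectors per FAT */
    sample[510] = 0x55; sample[511] = 0xAA;  /* boot signature */
    sample[512] = 0xF8; sample[513] = 0xFF; sample[514] = 0xFF;
    sample[515] = clean ? 0xFF : 0x7F;       /* top bit of FAT entry 1 */
    return sample;
}
int main(void) { return fat_premount_check(make_sample(0), sizeof(sample)) != FAT_DIRTY; }
```

A caller would refuse a read-write mount on `FAT_DIRTY` and refuse any mount on `FAT_INVALID` until fsck has been run.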