Date: Sat, 7 Oct 2000 04:16:33 +0200 (CEST) From: mbendiks@eunet.no To: FreeBSD-gnats-submit@freebsd.org Subject: kern/21808: [patches] OpenBSD errata 008 still applies to FreeBSD Message-ID: <200010070216.EAA23676@suiram.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 21808
>Category: kern
>Synopsis: [patches] msdosfs incorrectly handles vnode locking
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Oct 06 21:40:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Marius Bendiksen
>Release: FreeBSD 4.1-RELEASE i386
>Organization:
n/a
>Environment:
not relevant.
>Description:
In a number of functions, msdosfs incorrectly attempts to use vnodes
that have previously been released. This could cause problems, given
MP systems, for example. This is a straight import of errata 008 for
OpenBSD 2.7.
>How-To-Repeat:
not known.
>Fix:
In /sys/msdosfs; diff -u4 patches follow:
--- msdosfs_vnops.c.orig Tue Aug 29 16:45:48 2000
+++ msdosfs_vnops.c Sun Sep 24 14:02:42 2000
@@ -1056,9 +1056,9 @@
if (VTODE(fdvp)->de_StartCluster != VTODE(tdvp)->de_StartCluster)
newparent = 1;
if (doingdirectory && newparent) {
if (error) /* write access check above */
- goto bad;
+ goto bad1;
if (xp != NULL)
vput(tvp);
/*
* doscheckpath() vput()'s dp,
@@ -1084,22 +1084,22 @@
*/
if (xp->de_Attributes & ATTR_DIRECTORY) {
if (!dosdirempty(xp)) {
error = ENOTEMPTY;
- goto bad;
+ goto bad1;
}
if (!doingdirectory) {
error = ENOTDIR;
- goto bad;
+ goto bad1;
}
cache_purge(tdvp);
} else if (doingdirectory) {
error = EISDIR;
- goto bad;
+ goto bad1;
}
error = removede(dp, xp);
if (error)
- goto bad;
+ goto bad1;
vput(tvp);
xp = NULL;
}
@@ -1109,9 +1109,9 @@
* file/directory.
*/
error = uniqdosname(VTODE(tdvp), tcnp, toname);
if (error)
- goto abortit;
+ goto bad1;
/*
* Since from wasn't locked at various places above,
* have to do a relookup here.
@@ -1151,9 +1151,8 @@
if (xp != ip) {
if (doingdirectory)
panic("rename: lost dir entry");
vrele(ap->a_fvp);
- VOP_UNLOCK(fvp, 0, p);
if (newparent)
VOP_UNLOCK(fdvp, 0, p);
xp = NULL;
} else {
@@ -1176,9 +1175,8 @@
if (error) {
bcopy(oldname, ip->de_Name, 11);
if (newparent)
VOP_UNLOCK(fdvp, 0, p);
- VOP_UNLOCK(fvp, 0, p);
goto bad;
}
ip->de_refcnt++;
zp->de_fndoffset = from_diroffset;
@@ -1186,9 +1184,8 @@
if (error) {
/* XXX should really panic here, fs is corrupt */
if (newparent)
VOP_UNLOCK(fdvp, 0, p);
- VOP_UNLOCK(fvp, 0, p);
goto bad;
}
if (!doingdirectory) {
error = pcbmap(dp, de_cluster(pmp, to_diroffset), 0,
@@ -1196,9 +1193,8 @@
if (error) {
/* XXX should really panic here, fs is corrupt */
if (newparent)
VOP_UNLOCK(fdvp, 0, p);
- VOP_UNLOCK(fvp, 0, p);
goto bad;
}
if (ip->de_dirclust == MSDOSFSROOT)
ip->de_diroffset = to_diroffset;
@@ -1225,9 +1221,8 @@
NOCRED, &bp);
if (error) {
/* XXX should really panic here, fs is corrupt */
brelse(bp);
- VOP_UNLOCK(fvp, 0, p);
goto bad;
}
dotdotp = (struct direntry *)bp->b_data + 1;
putushort(dotdotp->deStartCluster, dp->de_StartCluster);
@@ -1235,21 +1230,21 @@
putushort(dotdotp->deHighClust, dp->de_StartCluster >> 16);
error = bwrite(bp);
if (error) {
/* XXX should really panic here, fs is corrupt */
- VOP_UNLOCK(fvp, 0, p);
goto bad;
}
}
- VOP_UNLOCK(fvp, 0, p);
bad:
+ VOP_UNLOCK(fvp, 0, p);
+ vrele(fdvp);
+bad1:
if (xp)
vput(tvp);
vput(tdvp);
out:
ip->de_flag &= ~DE_RENAME;
- vrele(fdvp);
vrele(fvp);
return (error);
}
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200010070216.EAA23676>