Date: Sun, 2 Jun 1996 13:59:35 +0900 (JST)
From: kato@eclogite.eps.nagoya-u.ac.jp
To: FreeBSD-gnats-submit@freebsd.org
Subject: kern/1286: cluster_read() calls strategy routine without B_READ
Message-ID: <199606020459.NAA01317@marble.eps.nagoya-u.ac.jp>
Resent-Message-ID: <199606020510.WAA00671@freefall.freebsd.org>

>Number:         1286
>Category:       kern
>Synopsis:       cluster_read() calls strategy routine without B_READ
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jun 1 22:10:01 PDT 1996
>Last-Modified:
>Originator:     KATO Takenori
>Organization:
Dept. Earth Planet. Sci., Nagoya Univ., Nagoya, 464-01, Japan
>Release:        FreeBSD 2.2-CURRENT i386
>Environment:

FreeBSD-current with revision 1.35 of vfs_cluster.c.
FreeBSD-960501-SNAP may contain the same problem.

>Description:

allocbuf() sets b_flags == (B_MALLOC | B_BUSY) in certain cases
after the change to vfs_bio.c on Mar 2. cluster_rbuild() contains:

	tbp = getblk(vp, lbn, size, 0, 0);
	if (tbp->b_flags & (B_CACHE|B_MALLOC))
		return tbp;

If getblk returns a buffer whose b_flags == B_MALLOC | B_BUSY,
cluster_rbuild() returns a buffer without B_READ. Then cluster_read()
calls VOP_STRATEGY(), and lower-level routines assume that the action
is writing, because B_READ is not set.

I realized this problem with CD-ROM access. When I executed egrep */*
for CD-ROM, I got the panic:

	panic: vwakeup: neg numoutput

In addition to the above panic, this problem may have the potential to
crash the file system. When the strategy routine is called by
cluster_read without B_READ, the lower-level routine assumes writing,
and writes wrong data into the filesystem.

>How-To-Repeat:

1) mount CD-ROM
2) run egrep */* for CD-ROM

>Fix:

The following patch fixes the problem.

---------- BEGIN ---------- *** vfs_cluster.c.ORIG Sun Jun 2 02:25:51 1996 --- vfs_cluster.c Sun Jun 2 02:26:04 1996 *************** *** 294,300 **** } tbp = getblk(vp, lbn, size, 0, 0); ! if (tbp->b_flags & (B_CACHE|B_MALLOC)) return tbp; tbp->b_blkno = blkno; --- 294,300 ---- } tbp = getblk(vp, lbn, size, 0, 0); ! if (tbp->b_flags & B_CACHE) return tbp; tbp->b_blkno = blkno; ---------- END ----------

>Audit-Trail:
>Unformatted:
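
Review bot: The changed test `if (tbp->b_flags & B_CACHE)` in cluster_rbuild() carries no comment saying why B_MALLOC was dropped, so the invariant the report depends on (a buffer handed back to cluster_read() without B_CACHE must already be marked B_READ before VOP_STRATEGY() sees it) is easy to break again. Please add a short comment on that line stating that B_MALLOC says nothing about whether the data is valid and that only B_CACHE justifies the early return. The visible context after the test shows only `tbp->b_blkno = blkno;`, so the hunk does not show where a B_MALLOC | B_BUSY buffer picks up B_READ on the fall-through path; confirm that it does. Since the report describes the failure as a read being treated as a write, a sanity check on B_READ in cluster_read() just before the VOP_STRATEGY() call would turn any recurrence into an immediate, diagnosable panic rather than wrong data being written.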