From: Andriy Gapon
Date: Wed, 24 Mar 2010 17:33:31 +0200
To: Paul B Mahol, Fabian Keil
Cc: Kostik Belousov, freebsd-current@freebsd.org
Subject: Re: newfs_msdos and DVD-RAM

on 19/03/2010 20:26 Paul B Mahol said the following:
> On Fri, Mar 19, 2010 at 7:11 PM, Fabian Keil wrote:
>> Paul B Mahol wrote:
>>
>>> FreeBSD 9.0 CURRENT panics when mounting file system created via
>>> newfs_msdos on DVD-RAM disc.
>>> Something to do about divide by zero.
>> I recently had a similar problem with a 16GB iPod. I still haven't
>> managed to actually mount it, but the patch below at least works
>> around the panic.
>>
>> Does it work for you, too?
>
> Obviously it will fix panic, but will not allow to mount. Zero value
> should be handled already much before. It looks the real bug is in
> newfs_msdos.
>

Looking at the code in mountmsdosfs(), it seems that SecPerClust can have zero
value at the place of the crash only if pm_BlkPerSec is zero.
See this line and the check above it:

    SecPerClust *= pmp->pm_BlkPerSec;

But that is impossible because of the same if statement.

In my opinion, the only possible explanation is an overflow of a SecPerClust
value. Given that its type is u_int8_t, it seems plausible.

It would be really nice if people who can reproduce this issue could either add
a couple of printfs before the line quoted above or examine a crashdump to
determine values of SecPerClust and pm_BlkPerSec before the multiplication.
Could you guys please do it?
Thanks!

--
Andriy Gapon
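The overflow hypothesised in the message above, as an added example that is not part of the original post and is not FreeBSD's code: it shows how an 8-bit SecPerClust can become zero after the multiplication even though neither operand is zero, next to a checked variant that rejects such a result before it is used as a divisor. Assumptions: DEV_BSIZE is 512, pm_BlkPerSec is the sector size divided by DEV_BSIZE, the geometries are constructed sample values, and `scale_narrow` and `scale_checked` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

#define DEV_BSIZE 512u  /* assumed device block size */

/* 8-bit accumulator, as in the message: the product is truncated modulo 256. */
static uint8_t scale_narrow(uint8_t sec_per_clust, uint32_t blk_per_sec)
{
    return (uint8_t)(sec_per_clust * blk_per_sec);
}

/* Hypothetical checked variant: multiply in a wide type and refuse any
 * result that would later be used as a zero divisor. 0 = ok, -1 = reject. */
static int scale_checked(uint8_t sec_per_clust, uint32_t blk_per_sec,
                         uint32_t *out)
{
    uint64_t wide = (uint64_t)sec_per_clust * blk_per_sec;

    if (wide == 0 || wide > UINT32_MAX)
        return -1;
    *out = (uint32_t)wide;
    return 0;
}

int main(void)
{
    /* Constructed sample geometries: {sectors per cluster, bytes per sector}. */
    static const uint32_t geom[][2] = {
        {8, 512}, {8, 2048}, {64, 2048}, {128, 1024}
    };

    for (size_t i = 0; i < sizeof(geom) / sizeof(geom[0]); i++) {
        uint8_t spc = (uint8_t)geom[i][0];
        uint32_t bps = geom[i][1] / DEV_BSIZE;   /* assumed pm_BlkPerSec */
        uint32_t wide = 0;
        int rc = scale_checked(spc, bps, &wide);

        /* The same two values the message asks reporters to print. */
        printf("SecPerClust=%u pm_BlkPerSec=%u -> u_int8_t %u, wide %u (%s)\n",
               (unsigned)spc, (unsigned)bps,
               (unsigned)scale_narrow(spc, bps), (unsigned)wide,
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

With 2048-byte sectors, as DVD-RAM media use, 64 sectors per cluster gives a true product of 256, which an 8-bit variable stores as 0.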