Date: Fri, 1 Feb 2002 17:27:15 -0600 (CST) From: toasty <toasty@dragondata.com> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/34539: [PATCH] fsck(8) doesn't account for negative values in some signed fields Message-ID: <200202012327.g11NRFu02041@gw.kevinday.com>
next in thread | raw e-mail | index | archive | help
>Number: 34539
>Category: bin
>Synopsis: [PATCH] fsck(8) doesn't account for negative values in some signed fields
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Feb 01 14:40:02 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: toasty
>Release: FreeBSD 4.4-RELEASE i386
>Organization:
DragonData
>Environment:
System: FreeBSD gw.kevinday.com 4.4-RELEASE FreeBSD 4.4-RELEASE #4: Thu Jan 17 23:34:34 CST 2002 toasty@gw.kevinday.com:/usr/src/sys/compile/GW i386
>Description:
In fs.h:
/*
* Cylinder group block for a file system.
*/
struct cg {
...
int32_t cg_rotor; /* position of last used block */
int32_t cg_frotor; /* position of last used frag */
int32_t cg_irotor; /* position of last used inode */
...
}
these are signed fields, but fsck never checks for negative values. We had a
system crash, and come back with negative values in a few irotor fields on
a FS. Fsck says the FS was fine, but the kernel crashed every time that
CG was used.
I discussed this with a few people. I originally suggested changing this to
an unsigned value, but it was pointed out that NetBSD tried this and it
ended up being quite a bit of work. My patch below checks for
negative numbers, and corrects them.
>How-To-Repeat:
>Fix:
--- pass5.c.orig Fri Feb 1 17:16:48 2002
+++ pass5.c Fri Feb 1 17:18:19 2002
@@ -195,15 +195,15 @@
newcg->cg_cs.cs_nffree = 0;
newcg->cg_cs.cs_nbfree = 0;
newcg->cg_cs.cs_nifree = fs->fs_ipg;
- if (cg->cg_rotor < newcg->cg_ndblk)
+ if ((cg->cg_rotor < newcg->cg_ndblk) && (cg->cg_rotor > 0))
newcg->cg_rotor = cg->cg_rotor;
else
newcg->cg_rotor = 0;
- if (cg->cg_frotor < newcg->cg_ndblk)
+ if ((cg->cg_frotor < newcg->cg_ndblk) && (cg->cg_frotor > 0))
newcg->cg_frotor = cg->cg_frotor;
else
newcg->cg_frotor = 0;
- if (cg->cg_irotor < newcg->cg_niblk)
+ if ((cg->cg_irotor < newcg->cg_niblk) && (cg->cg_irotor > 0))
newcg->cg_irotor = cg->cg_irotor;
else
newcg->cg_irotor = 0;
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202012327.g11NRFu02041>