Date: Sat, 7 Jul 2007 19:47:12 GMT
From: Craig Rodrigues <rodrigc@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/114389: MOKB testcase causes kernel to crash in UFS mount code
Message-ID: <200707071947.l67JlB7c034951@www.freebsd.org>
Resent-Message-ID: <200707071950.l67Jo80w044595@freefall.freebsd.org>
>Number: 114389
>Category: kern
>Synopsis: MOKB testcase causes kernel to crash in UFS mount code
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jul 07 19:50:08 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Craig Rodrigues
>Release: CURRENT
>Organization:
>Environment:
FreeBSD 7.0-CURRENT FreeBSD 7.0-CURRENT #24: Sat Jul 7 15:09:35 EDT 2007 /usr/obj/usr/src/sys/MYKERNEL1 i386
>Description:
The testcase at: http://projects.info-pull.com/mokb/MOKB-08-11-2006.html can cause the kernel to crash in the UFS mount code.
>How-To-Repeat:
(1) fetch http://projects.info-pull.com/mokb/bug-files/MOKB-08-11-2006.img.bz2
(2) bunzip2 MOKB-08-11-2006.img.bz2
(3) mdconfig -a -t vnode -f ./MOKB-08-11-2006.img -u 0
(4) mount /dev/md0 /mnt
>Fix:
See attached patch.

Patch attached with submission follows:

Index: ffs_vnops.c =================================================================== RCS file: /home/ncvs/src/sys/ufs/ffs/ffs_vnops.c,v retrieving revision 1.172 diff -u -u -r1.172 ffs_vnops.c --- ffs_vnops.c 12 Jun 2007 00:12:01 -0000 1.172 +++ ffs_vnops.c 7 Jul 2007 19:46:36 -0000 @@ -1192,14 +1192,18 @@ { struct inode *ip; struct ufs2_dinode *dp; + struct fs *fs; struct uio luio; struct iovec liovec; int easize, error; u_char *eae; ip = VTOI(vp); + fs = ip->i_fs; dp = ip->i_din2; easize = dp->di_extsize; + if ((uoff_t)(easize + extra) > NXADDR * fs->fs_bsize) + return (EFBIG); eae = malloc(easize + extra, M_TEMP, M_WAITOK);

>Release-Note:
>Audit-Trail:
>Unformatted:
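Review bot: In the new bounds check, the cast in `(uoff_t)(easize + extra)` is applied after the addition, and `easize` is declared `int`, so the sum can be computed in the narrower type and wrap before it is widened for the comparison. Consider validating `dp->di_extsize` on its own against `NXADDR * fs->fs_bsize` first, or casting each operand before adding, so that the quantity compared is exactly the size later passed to `malloc(easize + extra, M_TEMP, M_WAITOK)`. A one-line comment above the check saying that `di_extsize` comes from the on-disk inode and cannot be trusted would make the reason for returning `EFBIG` clear to the next reader.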