From owner-freebsd-stable@FreeBSD.ORG Tue Jun 24 12:47:22 2003 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 37DDB37B404; Tue, 24 Jun 2003 12:47:22 -0700 (PDT) Received: from TOMOYO.MyBSD.ORG.MY (router.ded2.com [202.157.183.149]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7189143F93; Tue, 24 Jun 2003 12:47:20 -0700 (PDT) (envelope-from skywizard@TOMOYO.MyBSD.ORG.MY) Received: from TOMOYO.MyBSD.ORG.MY (localhost [127.0.0.1]) by TOMOYO.MyBSD.ORG.MY (8.12.9/8.12.3) with ESMTP id h5OJnMBe062643; Wed, 25 Jun 2003 03:49:22 +0800 (MYT) (envelope-from skywizard@TOMOYO.MyBSD.ORG.MY) Received: (from skywizard@localhost) by TOMOYO.MyBSD.ORG.MY (8.12.9/8.12.3/Submit) id h5OJnMH4062642; Wed, 25 Jun 2003 03:49:22 +0800 (MYT) Date: Wed, 25 Jun 2003 03:49:22 +0800 (MYT) Message-Id: <200306241949.h5OJnMH4062642@TOMOYO.MyBSD.ORG.MY> To: FreeBSD-gnats-submit@freebsd.org From: skywizard@MyBSD.org.my X-send-pr-version: 3.113 X-GNATS-Notify: cc: freebsd-fs@freebsd.org cc: freebsd-current@freebsd.org cc: freebsd-stable@freebsd.org Subject: truncate operation on fat32 may corrupt the file system X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: skywizard@MyBSD.org.my List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jun 2003 19:47:22 -0000 >Submitter-Id: current-users >Originator: Ariff Abdullah >Organization: MyBSD >Confidential: no >Synopsis: truncate operation on fat32 may corrupt the file system >Severity: critical >Priority: high >Category: kern >Class: sw-bug >Release: FreeBSD 4.7-RELEASE i386 >Environment: System: 4.7-RELEASE, 5.1-RELEASE (GENERIC) >Description: Truncate operation involving truncate() or ftruncate() on FAT32 mounted as msdos either failed or silently corrupting the file or even worse, corrupting the neighbour file reiside in the same partition/file system. >How-To-Repeat: # cd /to/fat32/partition/ # dd if=/dev/zero of=XX bs=4099 count=1 # truncate -s 4097 XX truncate: XX: Argument list too long errno E2BIG >Fix: --- /usr/src/sys/msdosfs/msdosfs_denode.c.orig Tue Jun 24 06:01:09 2003 +++ /usr/src/sys/msdosfs/msdosfs_denode.c Tue Jun 24 05:53:41 2003 @@ -501,26 +501,19 @@ bn = cntobn(pmp, eofentry); error = bread(pmp->pm_devvp, bn, pmp->pm_bpcluster, NOCRED, &bp); - } else { - bn = de_blk(pmp, length); - error = bread(DETOV(dep), bn, pmp->pm_bpcluster, - NOCRED, &bp); - } - if (error) { - brelse(bp); + if (error) { + brelse(bp); #ifdef MSDOSFS_DEBUG - printf("detrunc(): bread fails %d\n", error); + printf("detrunc(): bread fails %d\n", error); #endif - return (error); + return (error); + } + bzero(bp->b_data + boff, pmp->pm_bpcluster - boff); + if (flags & IO_SYNC) + bwrite(bp); + else + bdwrite(bp); } - /* - * is this the right place for it? - */ - bzero(bp->b_data + boff, pmp->pm_bpcluster - boff); - if (flags & IO_SYNC) - bwrite(bp); - else - bdwrite(bp); } /*