Date: Fri, 19 Oct 2001 12:16:58 -0600 From: Chad David <davidc@acns.ab.ca> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: freebsd-current@FreeBSD.ORG Subject: Re: disk_clone() bug Message-ID: <20011019121658.A13678@colnta.internal> In-Reply-To: <16544.1003503616@critter.freebsd.dk>; from phk@critter.freebsd.dk on Fri, Oct 19, 2001 at 05:00:16PM %2B0200 References: <20011019022229.A90892@colnta.internal> <16544.1003503616@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Oct 19, 2001 at 05:00:16PM +0200, Poul-Henning Kamp wrote:
>
> Sounds like the bug is the md driver cloning "md10ec" which it shouldn't
> do. This bug must naturally be in md_clone(), but I don't have the
> minutes right now to hunt it down.
>
> Should be quite simple to nail, it's just some string handling code.
I might be missing something again, so please be kind :).
First, there is not such function md_clone(), so I assume you mean
disk_clone()?
My analysis of this is that devfs_lookupx() attempts to have the driver
create any files that it does not have nodes for:
EVENTHANDLER_INVOKE(dev_clone, pname, strlen(pname), &cdev);
on line 339 of devfs_vnops.c.
The invoke will eventually end up calling disk_clone() which will attempt
to create the device, and then devfs_lookupx() will happily make the file
visable.
The code in disk_clone() looks for a device name that matches the start of
the name we are looking up, and if it finds it tries to make sure the
remander of the name matches the proper disk device naming convention.
If it does end up matching then it creates the minor device with the name
given. The problem is that it does not verify that the given name does not
contain any characters after the partition. So instead of seeing md10ec it
only sees md10e, and passes it on to make_dev(). The real issue is that the
minor number for md10ec and md10e are the same, so of course make_dev() is
unhappy when makedev() returns an named dev_t.
My original patch silently cut off the last part of the file name, which is
probably not correct. IMHO the code should fail first, ask questions later.
Dima's patch from around the end of July handles it properly I believe.
Something like this:
@@ -82,6 +82,11 @@
continue;
else
p = name[i] - 'a';
+
+ if (name[i + 1] != '\0') {
+ printf("WARNING: bad device name (\"%s\")\n", name);
+ return;
+ }
}
*dev = make_dev(pdev->si_devsw, dkmakeminor(u, s, p),
Note that this has nothing to do with md. Any device that is cloned by
disk_clone() will do the same thing. Just doing an ls -l ad2eeec followed
by ls -l ad2e will print the same "Driver mistake" message.
--
Chad David davidc@acns.ab.ca
ACNS Inc. Calgary, Alberta Canada
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011019121658.A13678>