patch to fix issue 739
Nicolas Thery
nthery at gmail.com
Mon Jul 30 02:20:49 PDT 2007
Hello,
I reckon the following patch fixes http://bugs.dragonflybsd.org/issue739.
I couldn't reproduce the issue, so I simply rebuilt the kernel to test
this patch.
When the collision occurs in deget(), the newly created vnode (nvp) is
destroyed.
At this point, nvp->v_data does not yet point to the denode (ldep) and is
presumably NULL, so when nvp->v_data is dereferenced in msdosfs_inactive()
(dep->de_name[0] == SLOT_DELETED), the kernel takes a fault.
The patch simply checks that dep is not NULL before dereferencing it. This
mimics what is done in ufs_inactive() and is documented in
http://www.dragonflybsd.org/cvsweb/src/sys/vfs/ufs/ufs_ihash.c?r1=1.12.
Cheers,
Nicolas
Index: msdosfs_denode.c
===================================================================
RCS file: /home/dcvs/src/sys/vfs/msdosfs/msdosfs_denode.c,v
retrieving revision 1.29
diff -u -r1.29 msdosfs_denode.c
--- msdosfs_denode.c 14 Jun 2007 02:55:27 -0000 1.29
+++ msdosfs_denode.c 29 Jul 2007 19:11:05 -0000
@@ -698,7 +698,7 @@
/*
* Ignore denodes related to stale file handles.
*/
- if (dep->de_Name[0] == SLOT_DELETED)
+ if (dep == NULL || dep->de_Name[0] == SLOT_DELETED)
goto out;
/*
More information about the Submit
mailing list