We have a function that mounts/umounts a file system as part of a sanity
check. When the operation is done rapidly (you really don't want to know), it
uncovers a problem with mounting a raw device with a block size less than
1KiB (size of the on-disk data structure). The code always reads a block
(pmp->pm_BytesPerSec); the problem comes when the buffer is the last one
in a page, and the following page is not mapped. The code reads beyond the
512 bytes in the original read, causing a seg fault in our case. I don't
understand why the code doesn't ensure the read to be a minimum of the
structure being read from the device.
I tried to send this once before, but appear to have mucked it up. For
now we have a working fix.
Discussed the change with Matt, resulting in the following diff:
/* $NetBSD: msdosfs_vfsops.c,v 1.68.6.2 2009/02/08 19:10:44 snj Exp $ */
@@ -783,14 +784,15 @@
*/
if (pmp->pm_fsinfo) {
struct fsinfo *fp;
-
+ const int rdsz = roundup(sizeof(struct fsinfo),
+ pmp->pm_BytesPerSec);
/*
* XXX If the fsinfo block is stored on media with
* 2KB or larger sectors, is the fsinfo structure
* padded at the end or in the middle?
*/
if ((error = bread(devvp, de_bn2kb(pmp, pmp->pm_fsinfo),
- pmp->pm_BytesPerSec, NOCRED, 0, &bp)) != 0)
+ rdsz, NOCRED, 0, &bp)) != 0)
goto error_exit;
fp = (struct fsinfo *)bp->b_data;
if (!memcmp(fp->fsisig1, "RRaA", 4)
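Review bot: the new `rdsz` declaration has no comment saying why the read is rounded up, and it is declared `const int` although `roundup(sizeof(struct fsinfo), pmp->pm_BytesPerSec)` is computed from a `size_t`. A one-line comment that `struct fsinfo` can be larger than one sector, so the `bread()` has to cover the whole structure before `fp->fsisig1` is read from `bp->b_data`, would keep a later cleanup from switching the length back to `pmp->pm_BytesPerSec`; an unsigned size type for `rdsz` would match the expression. The hunk also removes the blank line that separated the declarations from the XXX comment, which is worth restoring.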
==