On Mon, Jun 16, 2014 at 04:43:02PM -0700, John-Mark Gurney wrote: > FreeBSD fixed this by increasing the malloc size: > https://svnweb.freebsd.org/changeset/base/r126086
Which is actually the correct way to do here! pmp->pm_maxcluster is the largest valid _index_ of pmp->pm_inusemap, therefore we must allocate pmp->pm_maxcluster + 1. The "howmany" in fillinusemap took that into account. Instead of writing + 1 - 1, it is skipped. In msdosfs_mountfs, it's missing... So I will vote for FreeBSD's commit instead: Introducing howmany macro AND doing the same in msdosfs_fat.c to help the next person looking at that code to see: 1) that we have the same fix as FreeBSD 2) that these values are in sync. Tobias Index: msdosfs_fat.c =================================================================== RCS file: /cvs/src/sys/msdosfs/msdosfs_fat.c,v retrieving revision 1.24 diff -u -p -r1.24 msdosfs_fat.c --- msdosfs_fat.c 11 Jun 2013 16:42:16 -0000 1.24 +++ msdosfs_fat.c 17 Jun 2014 21:32:55 -0000 @@ -866,7 +866,7 @@ fillinusemap(struct msdosfsmount *pmp) * Mark all clusters in use, we mark the free ones in the fat scan * loop further down. */ - for (cn = 0; cn < (pmp->pm_maxcluster + N_INUSEBITS) / N_INUSEBITS; cn++) + for (cn = 0; cn < howmany(pmp->pm_maxcluster + 1, N_INUSEBITS); cn++) pmp->pm_inusemap[cn] = (u_int)-1; /* Index: msdosfs_vfsops.c =================================================================== RCS file: /cvs/src/sys/msdosfs/msdosfs_vfsops.c,v retrieving revision 1.65 diff -u -p -r1.65 msdosfs_vfsops.c --- msdosfs_vfsops.c 27 May 2014 21:52:19 -0000 1.65 +++ msdosfs_vfsops.c 17 Jun 2014 21:32:55 -0000 @@ -517,7 +517,7 @@ msdosfs_mountfs(struct vnode *devvp, str * Allocate memory for the bitmap of allocated clusters, and then * fill it in. */ - bmapsiz = (pmp->pm_maxcluster + N_INUSEBITS - 1) / N_INUSEBITS; + bmapsiz = howmany(pmp->pm_maxcluster + 1, N_INUSEBITS); if (bmapsiz == 0 || SIZE_MAX / bmapsiz < sizeof(*pmp->pm_inusemap)) { /* detect multiplicative integer overflow */ error = EINVAL;