c2819440b3
can easily block in bread(), and then there was nothing to prevent the
static buffer (nambuf_{ptr,len,last_id}) being clobbered by another
thread.
The effects of the bug seem to have been limited to failed lookups and
mangled names in readdir(), since Giant locking provides enough
serialization to prevent concurrent calls to the functions that access
the buffer. They were very obvious for multiple concurrent tree walks,
especially with a small cluster size.
The bug was introduced in msdosfs_conv.c 1.34 and associated changes,
and is in all releases starting with 5.2.
The fix is to allocate the buffer as a local variable and pass around
pointers to it like "_r" functions in libc do. Stack use from this
is large but not too large. This also fixes a memory leak on module
unload.
Reviewed by: kib
Approved by: re (kensmith)
|
||
|---|---|---|
| .. | ||
| bootsect.h | ||
| bpb.h | ||
| denode.h | ||
| direntry.h | ||
| fat.h | ||
| msdosfs_conv.c | ||
| msdosfs_denode.c | ||
| msdosfs_fat.c | ||
| msdosfs_fileno.c | ||
| msdosfs_iconv.c | ||
| msdosfs_lookup.c | ||
| msdosfs_vfsops.c | ||
| msdosfs_vnops.c | ||
| msdosfsmount.h | ||