Plan 9 from Bell Labs’s /usr/web/sources/patch/maybe/cfs-rstatctlbug/readme

Copyright © 2021 Plan 9 Foundation.
Distributed under the MIT License.


SUMMARY

There's a bug in how cfs(4) prepares the Rstat for the synthetic file
'cfsctl', which results in cfs suicide if Tstat is requested on the file.

TESTCASE

cfs -S -a tcp!sources.cs.bell-labs.com -f /dev/sdE0/cache /n/sources
syscall -s fstat 0 buf 1024 </n/sources/cfsctl

EXPECTED OUTPUT

syscall: return 67, no error
[none] (5555555555555555 0 00) --r--r--r-- (444) M 203 none none 1054 Oct 21 14:07 cfsctl
	mtime: Fri Oct 21 14:07:24 EET 2011 (1319195244)
	atime: Fri Oct 21 14:07:24 EET 2011 (1319195244)

ACTUAL OUTPUT

cfs 104806: suicide: sys: trap: fault write addr=0x55555555 pc=0x0000e8b5
syscall: return -1, error:mount rpc error

REASON

convD2M is called to marshal the Dir structure into an unallocated buffer.
The global 'statbuf' is used in ramfs for this purpose, but in cfs it
had been reused to hold the statistics data sent to a client that reads
'cfsctl'.

FIX

Provide a buffer for convD2M on the stack.
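
The pattern behind the fix, as an added example in portable C (not the cfs
source and not the patch itself). struct dir, stat_marshal and rstat_ctl are
hypothetical names for a simplified model of 9P stat marshalling; the sample
values come from the expected output above.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model of a 9P stat record; not Plan 9's Dir or convD2M. */
struct dir { const char *str[4]; /* name, uid, gid, muid */
	uint32_t mode, atime, mtime; uint64_t length; };
enum { STATFIX = 49 };	/* fixed part of a stat: 41 bytes of fields + 4 string counts */

static unsigned char *put(unsigned char *p, uint64_t v, int n)
{
	while (n-- > 0) { *p++ = (unsigned char)v; v >>= 8; }	/* little-endian */
	return p;
}

/* Marshal d into buf; returns bytes written, or 0 if buf is missing or too small. */
unsigned stat_marshal(const struct dir *d, unsigned char *buf, unsigned nbuf)
{
	size_t need = STATFIX, n;
	unsigned char *p = buf;
	int i;

	for (i = 0; i < 4; i++)
		need += strlen(d->str[i]);
	if (buf == NULL || need > nbuf || need > 0xFFFF)
		return 0;		/* never write through a missing or short buffer */
	p = put(p, need - 2, 2);	/* size[2] does not count itself */
	p = put(p, 0, 2 + 4 + 13);	/* type[2] dev[4] qid[13], zero in this model */
	p = put(put(put(p, d->mode, 4), d->atime, 4), d->mtime, 4);
	p = put(p, d->length, 8);
	for (i = 0; i < 4; i++) {	/* each string is count[2] followed by bytes */
		n = strlen(d->str[i]);
		p = put(p, n, 2);
		memcpy(p, d->str[i], n);
		p += n;
	}
	return (unsigned)(p - buf);
}

/* Caller in the shape of the fix: the scratch buffer is a local on the stack. */
unsigned rstat_ctl(unsigned char *out, unsigned nout)
{
	unsigned char buf[256];
	/* values taken from the expected output in the test case */
	struct dir d = { { "cfsctl", "none", "none", "none" }, 0444, 1319195244u, 1319195244u, 1054 };
	unsigned n = stat_marshal(&d, buf, sizeof buf);

	if (n == 0 || n > nout)
		return 0;
	memcpy(out, buf, n);
	return n;
}
```

The 67 bytes this model produces match the "return 67" in the expected output:
49 fixed bytes plus "cfsctl" and three copies of "none".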

