From gdonl@tsc.tdk.com  Tue Sep 22 18:17:27 1998
Received: from gatekeeper.tsc.tdk.com (gatekeeper.tsc.tdk.com [207.113.159.21])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA18531
          for <FreeBSD-gnats-submit@freebsd.org>; Tue, 22 Sep 1998 18:17:26 -0700 (PDT)
          (envelope-from gdonl@tsc.tdk.com)
Received: from sunrise.gv.tsc.tdk.com (root@sunrise.gv.tsc.tdk.com [192.168.241.191])
	by gatekeeper.tsc.tdk.com (8.8.8/8.8.8) with ESMTP id SAA03290
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 22 Sep 1998 18:16:55 -0700 (PDT)
	(envelope-from gdonl@tsc.tdk.com)
Received: from w3.gv.tsc.tdk.com (gdonl@w3.gv.tsc.tdk.com [192.168.240.195])
	by sunrise.gv.tsc.tdk.com (8.8.5/8.8.5) with ESMTP id SAA05939
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 22 Sep 1998 18:16:54 -0700 (PDT)
Received: (from gdonl@localhost)
	by w3.gv.tsc.tdk.com (8.8.8/8.8.5) id SAA07599;
	Tue, 22 Sep 1998 18:16:52 -0700 (PDT)
Message-Id: <199809230116.SAA07599@w3.gv.tsc.tdk.com>
Date: Tue, 22 Sep 1998 18:16:52 -0700 (PDT)
From: Don Lewis <Don.Lewis@tsc.tdk.com>
Reply-To: gdonl@tsc.tdk.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: [PATCH] fsck -p corrupts filesystem and marks it clean
X-Send-Pr-Version: 3.2

>Number:         8030
>Category:       bin
>Synopsis:       when fsck reconnects an orphaned directory it mucks up the ref count of the previous .. directory
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    nate
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 22 18:20:00 PDT 1998
>Closed-Date:    Tue Sep 22 22:37:44 PDT 1998
>Last-Modified:  Tue Sep 22 22:50:01 PDT 1998
>Originator:     Don Lewis
>Release:        FreeBSD 3.0-BETA i386
>Organization:
TDK Semiconductor Corp.
>Environment:

FreeBSD 3.0 only.  This problem does not seem to be present in 2.2.x or 2.1.x.

>Description:

Two patches were made to the linkup() function in fsck to cause it to
reduce the reference count of a directory if an orphaned directory is
reconnected under lost+found and the orphaned directory had a .. link
pointing to the first directory.  The first patch was made by Terry Lambert
and the second patch was introduced by the Lite2 merge.

The combination of the two patches causes fsck to decrement the reference
count twice.  A situation where the reference count on a file or directory
is *bad*.  What's worse is that the preen operation of fsck can take a
slightly inconsistent filesystem, corrupt it in this manner, then set the
clean flag so that fsck won't check the filesystem again in the future.

I believe that Terry's patch is more desirable, since it only adjusts the
reference count if the ophaned directory is actually reconnected and its
.. link changed.

>How-To-Repeat:

Start with an ordinary formatted floppy and ...
# newfs -t 2 -u 18 -l 1 fd0
# mount /dev/fd0 /mnt
# mount /dev/fd0 /mnt
# umount /dev/fd0
# fsck /dev/fd0
# fsdb /dev/rfd0
fsdb (inum: 256)> cd /a
fsdb (inum: 128)> rm b
fsdb (inum: 256)> quit
fsdb (inum: 256)> quit
fsdb (inum: 256)> quit
# fsck -p /dev/rfd0		# corrupts filesystem and sets clean flag
# fsck -p /dev/rfd0		# ignores corrupted filesystem
# fsck /dev/rfd0		# repairs filesystem damage


>Fix:
	
Back out patch from Lite2.

--- fsck/dir.c.orig	Sun Jun 28 12:23:02 1998
+++ fsck/dir.c	Tue Sep 22 16:56:10 1998
@@ -417,8 +417,6 @@
 	else
 		if (reply("RECONNECT") == 0)
 			return (0);
-	if (parentdir != 0)
-		lncntp[parentdir]++;
 	if (lfdir == 0) {
 		dp = ginode(ROOTINO);
 		idesc.id_name = lfname;

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: nate 
State-Changed-When: Tue Sep 22 22:37:44 PDT 1998 
State-Changed-Why:  
Fixed in revision 1.12 
date: 1998/09/23 05:37:35;  author: nate;  state: Exp;  lines: +1 -3 
- Back out softupdate change that already existed in FreeBSD from V1.6, 
which caused the reference count of a directory to get doubly 
decremented. 

[ This change actually was part of the original softupdates patch, and not Lite2 
~v 


Responsible-Changed-From-To: freebsd-bugs->nate 
Responsible-Changed-By: nate 
Responsible-Changed-When: Tue Sep 22 22:37:44 PDT 1998 
Responsible-Changed-Why:  
I did the original patch, why not take the heat for this one as well. :) 

From: Nate Williams <nate@mt.sri.com>
To: gdonl@tsc.tdk.com
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/8030: [PATCH] fsck -p corrupts filesystem and marks it clean
Date: Tue, 22 Sep 1998 23:40:16 -0600

 > >Number:         8030
 > >Category:       bin
 > >Synopsis:       when fsck reconnects an orphaned directory it mucks up the ref count of the previous .. directory
 > >Confidential:   no
 > >Severity:       serious
 > >Priority:       high
 > >Responsible:    freebsd-bugs
 ..
 > >Description:
 > 
 > Two patches were made to the linkup() function in fsck to cause it to
 > reduce the reference count of a directory if an orphaned directory is
 > reconnected under lost+found and the orphaned directory had a .. link
 > pointing to the first directory.  The first patch was made by Terry Lambert
 > and the second patch was introduced by the Lite2 merge.
 
 Great detective work Don.  Thanks for making it so easy to
 review/recreate the bug!
 
 
 Nate
>Unformatted:
