From mpp@mpp.com  Sun Apr  9 09:03:40 1995
Received: from mpp.com (dialup-3-206.gw.umn.edu [134.84.101.206])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id JAA25589
          for <FreeBSD-gnats-submit@freebsd.org>; Sun, 9 Apr 1995 09:03:34 -0700
Received: (from mpp@localhost) by mpp.com (8.6.11/8.6.9) id LAA00372; Sun, 9 Apr 1995 11:01:57 -0500
Message-Id: <199504091601.LAA00372@mpp.com>
Date: Sun, 9 Apr 1995 11:01:57 -0500
From: pritc003@maroon.tc.umn.edu
Reply-To: pritc003@maroon.tc.umn.edu
To: FreeBSD-gnats-submit@freebsd.org
Subject: link system call on msdos filesystem causes panic
X-Send-Pr-Version: 3.2

>Number:         312
>Category:       kern
>Synopsis:       link system call on msdos filesystem causes panic
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs (FreeBSD bugs mailing list)
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr  9 09:10:01 1995
>Closed-Date:    Tue Apr 11 11:32:30 PDT 1995
>Last-Modified:
>Originator:     Mike Pritchard
>Release:        FreeBSD 2.1.0-Development i386
>Organization:
>Environment:

>Description:

If a program does a link("file1", "file2") system call followed by an 
unlink("file1") system call on a msdos file system, the system will 
panic with the following message:

panic: msdosfs_lock: locking against myself

This is because the msdosfs link code does not vput the vnode like
it should before returning.  The link code should also return an
error to the user so that the calling program doesn't accidentally 
destroy the file it was attempting to link, thinking that the
link() call actually worked.

>How-To-Repeat:

Compile and run the following program on a msdos file system:

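#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>	/* exit() */
#include <unistd.h>	/* link(), unlink(), close() */

int
main(void)
{
	int	fd;

	/* Create the file and keep it open across link() and unlink(). */
	if ((fd = open("testfile", O_RDWR | O_CREAT, 0666)) < 0) {
		perror("open");
		exit(1);
	}
	/* Before the fix, msdosfs_link() returns here without a vput. */
	if (link("testfile", "newfile") < 0) {
		perror("link");
		exit(1);
	}
	/* The unlink of the same file is where the panic is reported. */
	if (unlink("testfile") < 0) {
		perror("unlink");
		exit(1);
	}
	close(fd);
	return 0;
}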


>Fix:
	
The attached fix corrects the msdosfs_link() routine to correctly vput 
the vnode before returning, and return an error of EMLINK (too many 
links) to the user.  Feel free to choose another errno if you think
something else is more appropriate.  ENODEV would be my next choice.


*** msdosfs/orig2/msdosfs_vnops.c	Sun Apr  9 10:29:49 1995
--- msdosfs/msdosfs_vnops.c	Sun Apr  9 10:34:30 1995
***************
*** 907,913 ****
  		struct componentname *a_cnp;
  	} */ *ap;
  {
! 	return VOP_ABORTOP(ap->a_vp, ap->a_cnp);
  }
  
  /*
--- 907,915 ----
  		struct componentname *a_cnp;
  	} */ *ap;
  {
! 	VOP_ABORTOP(ap->a_vp, ap->a_cnp);
! 	vput(ap->a_vp);
! 	return EMLINK;
  }
  
  /*
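Review bot: the new "return EMLINK;" carries no comment saying why every link attempt is refused, and the result of "VOP_ABORTOP(ap->a_vp, ap->a_cnp);" is now discarded where the old line returned it. A one-line comment above the return naming the reason for the errno, and a (void) cast on the VOP_ABORTOP call if ignoring its result is intended, would make both choices explicit for the next reader. A short comment on "vput(ap->a_vp);" stating that the vnode arrives locked and must be released on this path would also document the invariant this change restores.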
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: ache 
State-Changed-When: Tue Apr 11 11:32:30 PDT 1995 
State-Changed-Why:  
Fix applied. 
>Unformatted:
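Added example (not part of the original report and not FreeBSD source): a user-space model of the lock leak described under >Description, run once with the old link behaviour and once with the fixed one. The toy_* names, the process id 100 and the assumption that the vnode reaches the link routine locked and referenced are illustrative; a panic is modeled as a flag.

```c
/* Added example: user-space model, not FreeBSD source; toy_* names are hypothetical. */
#include <errno.h>
#include <stdio.h>
struct toy_vnode { int lock_owner; int usecount; };	/* lock_owner 0 = unlocked */
struct toy_result { int panicked; int link_error; int usecount; };

/* Returns -1 where the kernel would panic "locking against myself". */
static int toy_lock(struct toy_vnode *vp, int pid) {
	if (vp->lock_owner == pid)
		return -1;
	vp->lock_owner = pid;
	return 0;
}

/* vput(): unlock the vnode and drop one reference. */
static void toy_vput(struct toy_vnode *vp) {
	vp->lock_owner = 0;
	vp->usecount--;
}

/* Assumption: the vnode reaches the link routine locked and referenced. */
static int toy_link(struct toy_vnode *vp, int fixed) {
	if (!fixed)
		return 0;	/* before: lock and reference leak, caller sees success */
	toy_vput(vp);		/* after: release, then report the failure */
	return EMLINK;
}

/* One process calls link() and then unlink() on the same file. */
struct toy_result toy_link_then_unlink(int fixed) {
	struct toy_vnode vn = { 0, 1 };	/* one reference held by the open fd */
	struct toy_result r = { 0, 0, 0 };
	int pid = 100;			/* constructed process id */
	vn.usecount++;			/* lookup for link(): reference + lock */
	(void)toy_lock(&vn, pid);
	r.link_error = toy_link(&vn, fixed);
	vn.usecount++;			/* lookup for unlink(), even if link() failed */
	r.panicked = toy_lock(&vn, pid) < 0;	/* a leaked lock is hit here */
	if (!r.panicked)
		toy_vput(&vn);
	r.usecount = vn.usecount;
	return r;
}

int main(void) {
	struct toy_result b = toy_link_then_unlink(0), a = toy_link_then_unlink(1);
	printf("before: panic=%d link=%d refs=%d\n", b.panicked, b.link_error, b.usecount);
	printf("after:  panic=%d link=%d refs=%d\n", a.panicked, a.link_error, a.usecount);
	return 0;
}
```

In the model the fixed path leaves the reference count where it started, while the old path leaks both the lock and the references taken along the way.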



