From dima@tejblum.dnttm.rssi.ru  Tue Aug 26 08:17:59 1997
Received: from helios.dnttm.ru (root@dnttm.wave.ras.ru [194.85.104.197])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id IAA16198;
          Tue, 26 Aug 1997 08:17:49 -0700 (PDT)
Received: (from uucp@localhost)
	by helios.dnttm.ru (8.8.5/8.8.5/IP-3) with UUCP id TAA21355;
	Tue, 26 Aug 1997 19:16:18 +0400
Received: (from dima@localhost)
	by tejblum.dnttm.rssi.ru (8.8.7/8.8.5) id TAA00687;
	Tue, 26 Aug 1997 19:11:03 +0400 (MSD)
Message-Id: <199708261511.TAA00687@tejblum.dnttm.rssi.ru>
Date: Tue, 26 Aug 1997 19:11:03 +0400 (MSD)
From: Dmitrij Tejblum <dima@tejblum.dnttm.rssi.ru>
Reply-To: dima@tejblum.dnttm.rssi.ru
To: FreeBSD-gnats-submit@freebsd.org
Cc: julian@freebsd.org
Subject: DEVFS trashes memory in umount
X-Send-Pr-Version: 3.2

>Number:         4397
>Category:       kern
>Synopsis:       DEVFS trashes memory in umount
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    steve
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 26 08:20:03 PDT 1997
>Closed-Date:    Tue Aug 26 20:12:57 PDT 1997
>Last-Modified:  Tue Aug 26 20:14:48 PDT 1997
>Originator:     Dmitrij Tejblum
>Release:        FreeBSD 3.0-CURRENT i386
>Organization:
>Environment:


>Description:

The list of links to one device is not properly linked. This causes memory to be
trashed when the list is destroyed.

>How-To-Repeat:

Unmount DEVFS and then mount it again. You may see the message
'Data modified on freelist' printed on the console.

>Fix:
	
--- devfs_tree.c.02	Tue Aug 26 00:44:04 1997
+++ devfs_tree.c	Tue Aug 26 00:51:07 1997
@@ -271,6 +271,7 @@
 		devnmp->nextlink = dnp->linklist;
 		devnmp->prevlinkp = devnmp->nextlink->prevlinkp;
 		devnmp->nextlink->prevlinkp = &(devnmp->nextlink);
+		*devnmp->prevlinkp = devnmp;
 		dnp->linklist = devnmp;
 	} else {
 		devnmp->nextlink = devnmp;
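
Review bot: the added store *devnmp->prevlinkp = devnmp; is only correct because devnmp->prevlinkp was loaded from the old head's prevlinkp two lines above it, and neither that ordering dependency nor the invariant it restores (each node's prevlinkp holds the address of a nextlink field that points back at that node) is documented anywhere in the hunk. Please add a short comment above the four stores saying that the list is circular and stating the invariant, so a later edit does not reorder or drop one of them. The else branch is cut off after devnmp->nextlink = devnmp;, so it is worth confirming that the single-node case also leaves prevlinkp pointing at the node's own nextlink. A diagnostic check of *devnmp->prevlinkp == devnmp in the code that unlinks a node would report this class of bug at the point of damage instead of later as 'Data modified on freelist'.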

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: steve 
State-Changed-When: Tue Aug 26 20:12:57 PDT 1997 
State-Changed-Why:  
Patch applied by Julian Elischer in revision 1.38 
of src/sys/miscfs/devfs/devfs_tree.c.  Thanks! 

>Unformatted:
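
Added example, not part of the PR or of the devfs source: a user-space model of the link list from the Description that runs the insertion with and without the patched line and checks the result. Only the names nextlink, prevlinkp and linklist come from the hunk; the struct layouts, the rest of the empty-list branch and the function check_links are assumptions.

```c
#include <stdio.h>
/* Simplified model (assumption): only the link fields named in the hunk. */
struct devname {
    struct devname  *nextlink;   /* next link to the same device */
    struct devname **prevlinkp;  /* address of the nextlink that points here */
};
struct devnode { struct devname *linklist; };  /* list head, NULL if empty */

/* Head insertion as in the hunk; apply_fix toggles the line the patch adds. */
void link_add(struct devnode *dnp, struct devname *devnmp, int apply_fix)
{
    if (dnp->linklist) {
        devnmp->nextlink = dnp->linklist;
        devnmp->prevlinkp = devnmp->nextlink->prevlinkp;
        devnmp->nextlink->prevlinkp = &(devnmp->nextlink);
        if (apply_fix) *devnmp->prevlinkp = devnmp;  /* line added by the patch */
        dnp->linklist = devnmp;
    } else {  /* assumed single-node case: the node links to itself */
        devnmp->nextlink = devnmp;
        devnmp->prevlinkp = &(devnmp->nextlink);
        dnp->linklist = devnmp;
    }
}

/* Build n links (1 <= n <= 8), then count nodes violating *p->prevlinkp == p.
   *ring gets the steps from the head back to the head, or -1 if not reached. */
int check_links(int n, int apply_fix, int *ring)
{
    struct devname links[8], *p;
    struct devnode dn = { 0 };
    int bad = 0, len = 0;
    for (int i = 0; i < n; i++)
        link_add(&dn, &links[i], apply_fix);
    for (int i = 0; i < n; i++)
        bad += (*links[i].prevlinkp != &links[i]);
    p = dn.linklist;
    do { p = p->nextlink; len++; } while (p != dn.linklist && len < n);
    *ring = (p == dn.linklist) ? len : -1;
    return bad;
}

int main(void)
{
    int ring, bad = check_links(3, 0, &ring);
    printf("unpatched: %d bad back-link(s), ring %d\n", bad, ring);
    bad = check_links(3, 1, &ring);
    printf("patched:   %d bad back-link(s), ring %d\n", bad, ring);
    return 0;
}
```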
