Newsgroups: comp.bugs.2bsd
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.hawaii.edu!ames!usenet.kornet.nm.kr!usenet.etri.re.kr!news.kreonet.re.kr!usenet.seri.re.kr!news.cais.net!news.mathworks.com!news.kei.com!nntp.coast.net!oleane!jussieu.fr!math.ohio-state.edu!uwm.edu!lll-winken.llnl.gov!enews.sgi.com!sgigate.sgi.com!news.msfc.nasa.gov!europa.chnt.gtegsc.com!wlbr!moe!sms
From: sms@moe.2bsd.com (Steven M. Schultz)
Subject: mkfs MAXFN too small, malloc(3) debug mode broken (#318)
Organization: 2BSD, Simi Valley CA USA
Message-ID: <Dr4DuD.8yC@moe.2bsd.com>
Date: Thu, 9 May 1996 04:01:24 GMT
Lines: 234
Subject: mkfs MAXFN too small, malloc(3) debug mode broken (#318)
Index: etc/mkfs.c,lib/libc/gen/malloc.c 2.11BSD
Description:
1) The maximum freelist modulus limit of 500 is too small.
2) If malloc(3) is compiled with the 'debug' option on, the 'botch'
macro can be called recursively, causing a stack underflow.
Repeat-By:
1) Have a disk with 68 sectors per track and 15 heads. The
freelist modulus should be 510 (68 * 15 / 2) but is instead
being limited to 500.
2) Run a program which corrupts the malloc arena and then calls
malloc. Note that you do not see the 'assertion failed' message
just before the program dumps core. Further note that the stack
has been pushed down immediately adjacent to the data segment.
Fix:
The two problems are unrelated. The fixes were lumped together
in one patch because they are both small.
The C library does *not* need to be recompiled at this time. The
change to malloc.c is intended for those cases where a copy of
malloc.c is made for local compilation when debugging a program.
The comments at the top of malloc.c provide additional information.
A small correction (removal of an obsolete comment) was made to
the man page for mkfs(8).
To apply the update below first cut where indicated and save to a
file (/tmp/318). Then:
patch -p0 < /tmp/318
cd /usr/src/etc
make mkfs
install -s -m 755 mkfs /etc/mkfs
cd /usr/src/man/man8
/usr/man/manroff mkfs.8 > /usr/man/cat8/mkfs.0
The standalone version of mkfs is affected by the change to mkfs.c
so it might be a good idea to recreate boot floppies or tapes whenever
it is convenient.
This and previous updates are available via anonymous FTP to either
FTP.IIPO.GTEGSC.COM or MOE.2BSD.COM in the directory /pub/2.11BSD.
==========================cut here=========================
*** /usr/src/etc/mkfs.c.old Fri Apr 12 22:57:21 1996
--- /usr/src/etc/mkfs.c Wed May 8 20:15:30 1996
***************
*** 1,5 ****
#if !defined(lint) && defined(DOSCCS)
! char *sccsid = "@(#)mkfs.c 2.8 (2.11BSD) 1996/04/11";
#endif
/*
--- 1,5 ----
#if !defined(lint) && defined(DOSCCS)
! char *sccsid = "@(#)mkfs.c 2.9 (2.11BSD) 1996/5/8";
#endif
/*
***************
*** 34,40 ****
#endif
#define UMASK 0755
! #define MAXFN 500
time_t utime;
--- 34,40 ----
#endif
#define UMASK 0755
! #define MAXFN 750
time_t utime;
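Review bot: `MAXFN` is raised to 750 with no comment saying what it bounds or how the value was chosen, so a later disk geometry that exceeds it will be limited the same way the 68-sector, 15-head disk in the description was. A comment on the define would record the derivation, for example `#define MAXFN 750 /* max freelist modulus: sectors/track * heads / 2 */`. The code that applies the limit is outside this hunk; if it clamps the value without telling the operator, a warning at that point would make the mismatch visible when the file system is built.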
*** /usr/src/man/man8/mkfs.8.old Fri Apr 12 21:30:04 1996
--- /usr/src/man/man8/mkfs.8 Wed May 8 20:22:10 1996
***************
*** 2,10 ****
.\" All rights reserved. The Berkeley software License Agreement
.\" specifies the terms and conditions for redistribution.
.\"
! .\" @(#)mkfs.8 2.0 (2.11BSD) 1996/4/12
.\"
! .TH MKFS 8 "April 12, 1996"
.UC 2
.SH NAME
mkfs \- construct a file system
--- 2,10 ----
.\" All rights reserved. The Berkeley software License Agreement
.\" specifies the terms and conditions for redistribution.
.\"
! .\" @(#)mkfs.8 2.1 (2.11BSD) 1996/5/8
.\"
! .TH MKFS 8 "May 8, 1996"
.UC 2
.SH NAME
mkfs \- construct a file system
***************
*** 81,88 ****
mkproto(8)
newfs(8)
.SH BUGS
- There should be some way to specify links.
- .PP
The
.I lost+found
directory is created but the boot block is left uninitialized (see
--- 81,86 ----
*** /usr/src/lib/libc/gen/malloc.c.old Mon Dec 26 14:24:35 1988
--- /usr/src/lib/libc/gen/malloc.c Thu Apr 11 21:13:28 1996
***************
*** 1,20 ****
! /* @(#)malloc.c 2.1 SCCS id keyword */
#ifdef debug
! # define ASSERT(p) if(!(p))botch("p");else
! botch(s)
! char *s;
! {
! printf("assertion botched: %s\n",s);
! abort();
! }
! #else
! # define ASSERT(p)
! #endif
/*
* The origins of the following ifdef are lost. The only comment attached
--- 1,41 ----
! /* @(#)malloc.c 2.2 (2.11BSD) 1996/4/11 */
!
! #include <unistd.h>
!
#ifdef debug
+ #include <sys/types.h>
+ #include <sys/uio.h>
! #define ASSERT(p) if(!(p))botch("p")
! /*
! * Can't use 'printf' below because that can call malloc(). If the malloc
! * arena is corrupt malloc() calls botch() which calls printf which calls malloc
! * ... result is a recursive loop which underflows the stack.
! */
! static botch(s)
! char *s;
! {
! struct iovec iov[3];
! register struct iovec *v = iov;
! char *ab = "assertion botched: ";
! v->iov_base = ab;
! v->iov_len = strlen(ab);
! v++;
! v->iov_base = s;
! v->iov_len = strlen(s);
! v++;
! v->iov_base = "\n";
! v->iov_len = 1;
! writev(STDOUT_FILENO, iov, 3);
! abort();
! }
! #else
! #define ASSERT(p)
! #endif /* debug */
/*
* The origins of the following ifdef are lost. The only comment attached
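Review bot: The new `ASSERT(p)` drops the trailing `else` that the old macro carried, so any call site written as `if (x) ASSERT(y); else z;` would now pair the caller's `else` with the macro's hidden `if`. The call sites are outside this hunk, so whether one exists cannot be checked here. Wrapping the body keeps the macro statement-safe: `#define ASSERT(p) do { if (!(p)) botch("p"); } while (0)`. In `botch`, the allocation-free `writev` is the right approach for a corrupted arena, but it writes to `STDOUT_FILENO`. Using `writev(STDERR_FILENO, iov, 3);` would keep the diagnostic out of redirected program output, where it is easy to miss before the core dump.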
***************
*** 53,59 ****
#define BLOCK 1024 /* a multiple of WORD */
#define BUSY 1
- #define NULL 0
#define testbusy(p) ((INT)(p)&BUSY)
#define setbusy(p) (union store *)((INT)(p)|BUSY)
--- 74,79 ----
***************
*** 188,195 ****
return((char *)q);
}
! #ifdef debug
! allock()
{
#ifdef longdebug
register union store *p;
--- 208,215 ----
return((char *)q);
}
! #ifdef debug
! static allock()
{
#ifdef longdebug
register union store *p;
***************
*** 205,208 ****
return(1);
#endif
}
! #endif
--- 225,228 ----
return(1);
#endif
}
! #endif /* debug */
*** /VERSION.old Thu May 2 21:17:40 1996
--- /VERSION Wed May 8 20:23:50 1996
***************
*** 1,4 ****
! Current Patch Level: 317
2.11 BSD
============
--- 1,4 ----
! Current Patch Level: 318
2.11 BSD
============