Re: vfat: attempt to access beyond end of device

From: Alexander Griesser (tuxx@aon.at)
Date: Thu Jul 12 2001 - 16:18:30 EST

On Fri, Jul 13, 2001 at 04:29:02AM +0900, you wrote:
> This bug will be fixed by the following change.
>
> diff -urN linux-2.4.7-pre6.orig/fs/fat/inode.c linux-2.4.7-pre6/fs/fat/inode.c
> --- linux-2.4.7-pre6.orig/fs/fat/inode.c Tue Jun 12 11:15:27 2001
> +++ linux-2.4.7-pre6/fs/fat/inode.c Fri Jul 13 04:20:04 2001
> @@ -842,7 +842,7 @@
> struct super_block *sb = inode->i_sb;
> struct buffer_head *bh;
> struct msdos_dir_entry *raw_entry;
> - int i_pos;
> + unsigned int i_pos;
>
> retry:
> i_pos = MSDOS_I(inode)->i_location;
>
>
> But, should change ino/i_location/i_pos to unsigned long in
> fat/vfat/msdos/umsdos, IMHO.

When I try to write new files on it, I get:
kernel: attempt to access beyond end of device
kernel: 16:01: rw=0, want=2081231810, limit=80035798

According to his Problewm:
Shouldn't an "int" be enough?

2^31 = 2147483648
And he "wants": 2081231810

Should do, or did I miss something?

When I was tracking down this bug, I found some maybe interesting stuff
in /usr/src/linux-2.4.6/drivers/block/ll_rw_blk.c:

void generic_make_request (int rw, struct buffer_head * bh)
{
        int major = MAJOR(bh->b_rdev);
        int minorsize = 0;
        request_queue_t *q;

        if (!bh->b_end_io)
                BUG();

        /* Test device size, when known. */
        if (blk_size[major])
                minorsize = blk_size[major][MINOR(bh->b_rdev)];
        if (minorsize) {
                unsigned long maxsector = (minorsize << 1) + 1;
                unsigned long sector = bh->b_rsector;
                unsigned int count = bh->b_size >> 9;
                        ^^^^^
      /************** Shouldn't that be long? *****************/

                if (maxsector < count || maxsector - count < sector) {
                        /* Yecch */
                        bh->b_state &= (1 << BH_Lock) | (1 << BH_Mapped);

                        /* This may well happen - the kernel calls bread()
                           without checking the size of the device, e.g.,
                           when mounting a device. */

      /************** Here's his error message ****************/
                        printk(KERN_INFO
                               "attempt to access beyond end of device\n");
                        printk(KERN_INFO "%s: rw=%d, want=%ld, limit=%d\n",
                               kdevname(bh->b_rdev), rw,
                               (sector + count)>>1, minorsize);

                        /* Yecch again */
                        bh->b_end_io(bh, 0);
                        return;
                }
        }

regards, alexx
PS.: Please don't flame, if this is absolutely crap ;) 

-- 
|    .-.    |   CCNAIA Alexander Griesser <tuxx@aon.at>  |   .''`.  |
|    /v\    |  http://www.tuxx-home.at -=- ICQ:63180135  |  : :' :  |
|  /(   )\  |    echo "K..?f{1,2}e[nr]böck" >>~/.score   |  `. `'   |
|   ^^ ^^   |    Linux Version 2.4.6 - Debian Unstable   |    `-    |
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Sun Jul 15 2001 - 21:00:18 EST