The msdosfs code contains a number of issues, including 1 issue that causes a kernel panic when mounting a FAT12 file system with a FAT that extends beyond 1 cluster.
Other issues are misreporting of the total disk space and of sectors allocated to the FAT and to the root directory on FAT12 or FAT16 filesystems.
Details
Apply patch and verify that the issues reported in PR #270587 are resolved and that correct values and behavior can be observed for FAT file systems generated with default parameters or with other parameters that are allowed by the specification (e.g. large sector sizes, large clusters, or large root directories).
Diff Detail
- Repository: rG FreeBSD src repository
- Lint: Lint Skipped
- Unit: Tests Skipped
Event Timeline
PR270587 contains the description of the unexpected behavior fixed by these patches.
The code path for FAT32 is not affected by these patches.
| File | Line | Inline comment |
|---|---|---|
| sys/fs/msdosfs/msdosfs_fat.c | 95 | For FAT12 a multiple of 3 bytes needs to be fetched and parsed to avoid an out-of-bounds access to a cluster entry that crosses cluster boundaries. |
| sys/fs/msdosfs/msdosfs_vfsops.c | 710 | The condition was wrong and caused valid FAT12 file systems to be treated as FAT16 in the following lines, leading to only 3/4 of the size being made available (e.g. 12 MB for a file system consisting of 4084 clusters of 4 KB). |
| sys/fs/msdosfs/msdosfs_vfsops.c | 1051 | The first data cluster is cluster #2, thus for example maxcluster=1023 would represent a data area indexed by [2 .. 1023] and with a size of 1022 clusters. |
| sys/fs/msdosfs/msdosfs_vnops.c | 319 | The root directory of a FAT12 or FAT16 file system exists in a separate area outside the data area. The directory has a logical size of #entries * 32, but no blocks from the data area are allocated to it. |
Yes, all 3 issues are fixed by this patch set - the inline comments explain which change addresses which issue.
Most important is of course the panic due to an out-of-bounds access beyond the allocated page for certain FAT12 parameters.
An ugly but functional test script has been attached to PR #270587.
This is an extended version of the script used to test the tallying of used root directory entries in review D38987, which caused my system to panic and which also reported the other inconsistencies addressed in this review.
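The inline comment on msdosfs_fat.c line 95 can be illustrated with a small user-space program. This is an added example, not code from the FreeBSD tree or from this patch; the function names, the constructed sample FAT, the 4086-entry count and the chunk sizes 512 and 1536 are assumptions chosen for illustration. It shows which FAT12 entries span two chunks when the FAT is read in chunks that are not a multiple of 3 bytes, and a read routine that refuses such an access instead of reading past the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample FAT: entry 0 = 0xABC, entry 1 = 0x123, rest zero. */
static const uint8_t fat_sample[1536] = { 0xBC, 0x3A, 0x12 };

/* FAT12 packs two 12-bit entries into 3 bytes: entry cn starts at cn * 1.5. */
static size_t fat12_offset(uint32_t cn) { return cn + cn / 2; }

/*
 * Read entry cn from a buffer holding FAT bytes [base, base + len).
 * Returns the 12-bit value, or -1 if either of its two bytes lies
 * outside the buffer (the access that must never be made).
 */
static int fat12_get(const uint8_t *buf, size_t base, size_t len, uint32_t cn)
{
	size_t off = fat12_offset(cn);

	if (off < base || off - base + 2 > len)
		return -1;
	unsigned v = buf[off - base] | (unsigned)buf[off - base + 1] << 8;
	return (cn & 1) ? (int)(v >> 4) : (int)(v & 0x0fff);
}

/* Count entries whose two bytes fall into different blksz-sized chunks. */
static unsigned fat12_straddlers(uint32_t nentries, size_t blksz)
{
	unsigned n = 0;

	for (uint32_t cn = 0; cn < nentries; cn++) {
		size_t off = fat12_offset(cn);
		if (off / blksz != (off + 1) / blksz)
			n++;
	}
	return n;
}

int main(void)
{
	printf("512-byte chunks:  %u straddling entries\n", fat12_straddlers(4086, 512));
	printf("1536-byte chunks: %u straddling entries\n", fat12_straddlers(4086, 1536));
	printf("entry 341 in 512-byte buffer: %d\n", fat12_get(fat_sample, 0, 512, 341));
	return 0;
}
```

Entry 341 starts at byte 511, so its second byte is the first byte of the next 512-byte chunk; with chunks that are a multiple of 3 bytes, every chunk starts on an even entry and no entry is split.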