[OpenAFS-devel] Bug in namei_ops.c
Hartmut Reuter
reuter@rzg.mpg.de
Fri, 30 Mar 2001 12:51:46 +0200
I have found a "nice" bug in namei_ops.c:
In GetFreeTag() the following code was used to find a free place in the
link table entry:
    /* Now find a free column in this row and claim it. */
    coldata = 0x7;
    for (col = 0; col<NAMEI_MAXVOLS; col++) {
        coldata <<= col * 3;
        if ((row & coldata) == 0)
            break;
    }
What happens?
With col == 0 we look for the bits 0x7. This is ok.
With col == 1 we look for the bits 0x38. This is also ok.
With col == 2 we look for the bits 0xe00 instead of 0x1c0 !!!
But later the allocation is done correctly with 0x40.
Thus the next time it will again find a free place for col == 2!
For higher values of col the test is also incorrect, of course.
Now how it should look:
    /* Now find a free column in this row and claim it. */
    for (col = 0; col<NAMEI_MAXVOLS; col++) {
        coldata = 7 << (col * 3);
        if ((row & coldata) == 0)
            break;
    }
Hartmut
-----------------------------------------------------------------
Hartmut Reuter e-mail reuter@rzg.mpg.de
phone +49-89-3299-1328
RZG (Rechenzentrum Garching) fax +49-89-3299-1301
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut fuer Plasmaphysik (IPP)
-----------------------------------------------------------------
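
Added example, not part of the original post and not OpenAFS code: a stand-alone C program that computes the masks the two loops above test and counts how often the cumulative-shift version hands out a column that is already claimed. The names, the 5-column row width, the 32-bit unsigned coldata and the "claim sets the count to 1" step (taken from the 0x40 mentioned for col == 2) are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define MAXVOLS 5      /* assumption: 5 columns per link table row */
#define FIELD_BITS 3   /* 3-bit field per column, as the 0x7 mask implies */

typedef uint32_t (*mask_fn)(int col);

/* Mask as the original loop computes it: the shift accumulates across iterations. */
static uint32_t buggy_mask(int col) {
    uint32_t coldata = 0x7;
    for (int c = 0; c <= col; c++)
        coldata <<= c * FIELD_BITS;
    return coldata;
}

/* Mask as the corrected loop computes it. */
static uint32_t fixed_mask(int col) {
    return (uint32_t)7 << (col * FIELD_BITS);
}

/* First column whose field tests as zero under the given mask, or -1 if none. */
static int find_free_col(uint32_t row, mask_fn mask) {
    for (int col = 0; col < MAXVOLS; col++)
        if ((row & mask(col)) == 0)
            return col;
    return -1;
}

/* Allocate n tags from an empty row; count columns handed out while in use. */
static int count_collisions(mask_fn mask, int n) {
    uint32_t row = 0;
    int collisions = 0;
    for (int i = 0; i < n; i++) {
        int col = find_free_col(row, mask);
        if (col < 0) break;                       /* row is full */
        if (row & fixed_mask(col)) collisions++;  /* column was already claimed */
        row |= (uint32_t)1 << (col * FIELD_BITS); /* claim: count = 1 (0x40 for col 2) */
    }
    return collisions;
}

int main(void) {
    for (int col = 0; col < MAXVOLS; col++)
        printf("col %d: buggy 0x%08x fixed 0x%04x\n", col,
               (unsigned)buggy_mask(col), (unsigned)fixed_mask(col));
    printf("collisions in %d allocations: buggy=%d fixed=%d\n", MAXVOLS,
           count_collisions(buggy_mask, MAXVOLS), count_collisions(fixed_mask, MAXVOLS));
    return 0;
}
```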