: Frank Pavageau writes:
:: It looks like it loops in V1_trunc_indirect, from the CPU state:
:: This is on a fresh pre2.0.7, with nothing special enabled (config follows).
: I don't think it is something in the minix code. It hasn't changed during
: the last patch levels. Probably some changes in the vfs code have led to
: this behaviour.
An old minix bug has been triggered by recent (buggy) changes.
By some coincidence I just fixed this a few hours ago.
In fs/minix/truncate.c there is the code
    #define DIRECT_BLOCK ((inode->i_size + 1023) >> 10)
    #define INDIRECT_BLOCK(offset) (DIRECT_BLOCK-offset)

    repeat:
        for (i = INDIRECT_BLOCK(offset) ; i < 512 ; i++) {
            if (i < 0)
                i = 0;
            if (i < INDIRECT_BLOCK(offset))
                goto repeat;
What happens if (i < 0)?
Then INDIRECT_BLOCK(offset) was negative. But inode->i_size
is unsigned, so in the comparison
    if (i < INDIRECT_BLOCK(offset))
it is treated as positive and we goto repeat. An infinite loop,
and the system is dead. Changing the define to
    #define DIRECT_BLOCK (((int) inode->i_size + 1023) >> 10)
fixes this.
Andries
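The following is an added example, not part of the thread above and not the kernel's own code. It replays the control flow of the quoted "repeat:" loop in user space with both the original and the cast DIRECT_BLOCK macro, so the unsigned-vs-signed comparison Andries describes can be watched outside the kernel. struct inode_model, restarts_buggy, restarts_fixed and the file sizes used are hypothetical names and constructed inputs chosen for the demo.

```c
/*
 * Added example (not kernel code): models the signed/unsigned comparison
 * in the V1_trunc_indirect "repeat:" loop quoted above. struct inode_model,
 * restarts_buggy and restarts_fixed are hypothetical names for this demo.
 */
#include <stdio.h>

/* Stand-in for the one inode field the macros use. i_size is unsigned, as
 * in the kernel, so the buggy DIRECT_BLOCK expression is unsigned too. */
struct inode_model {
    unsigned long i_size;
};

/* The original macros: everything is evaluated as unsigned long. */
#define DIRECT_BLOCK_BUGGY(inode)           (((inode)->i_size + 1023) >> 10)
#define INDIRECT_BLOCK_BUGGY(inode, offset) (DIRECT_BLOCK_BUGGY(inode) - (offset))

/* The fixed macros: the cast makes the subtraction signed, so a "negative"
 * block index really is negative instead of a huge unsigned value. */
#define DIRECT_BLOCK_FIXED(inode)           (((int) (inode)->i_size + 1023) >> 10)
#define INDIRECT_BLOCK_FIXED(inode, offset) (DIRECT_BLOCK_FIXED(inode) - (offset))

/*
 * Replays the loop with the buggy macros. Returns how many times
 * "goto repeat" was taken before the loop body was reached, or -1 once
 * max_restarts is exceeded, i.e. the real kernel would spin forever.
 * Assigning an out-of-range unsigned long to int wraps on every mainstream
 * compiler (implementation-defined in ISO C); the bug depends on that.
 */
static int restarts_buggy(const struct inode_model *inode, int offset, int max_restarts)
{
    int restarts = 0;
    int i;
repeat:
    for (i = INDIRECT_BLOCK_BUGGY(inode, offset); i < 512; i++) {
        if (i < 0)
            i = 0;
        /* int i is converted to unsigned long here, so 0 < (huge value) holds */
        if (i < INDIRECT_BLOCK_BUGGY(inode, offset)) {
            if (++restarts > max_restarts)
                return -1;
            goto repeat;
        }
        return restarts;   /* the real loop would free block i here */
    }
    return restarts;       /* nothing to truncate in this indirect block */
}

/* Same control flow with the fixed macros: INDIRECT_BLOCK can be negative. */
static int restarts_fixed(const struct inode_model *inode, int offset, int max_restarts)
{
    int restarts = 0;
    int i;
repeat:
    for (i = INDIRECT_BLOCK_FIXED(inode, offset); i < 512; i++) {
        if (i < 0)
            i = 0;
        if (i < INDIRECT_BLOCK_FIXED(inode, offset)) {
            if (++restarts > max_restarts)
                return -1;
            goto repeat;
        }
        return restarts;
    }
    return restarts;
}

int main(void)
{
    /* Constructed input: a 1000-byte file (one direct block) truncated through
     * the single-indirect path, whose offset is the 7 direct blocks. */
    struct inode_model small = { .i_size = 1000 };
    int offset = 7;

    printf("buggy INDIRECT_BLOCK = %lu\n", INDIRECT_BLOCK_BUGGY(&small, offset));
    printf("fixed INDIRECT_BLOCK = %d\n", INDIRECT_BLOCK_FIXED(&small, offset));
    printf("buggy loop: %d restarts (-1 = never terminates)\n",
           restarts_buggy(&small, offset, 1000));
    printf("fixed loop: %d restarts\n", restarts_fixed(&small, offset, 1000));
    return 0;
}
```

With the original macro the first printf shows a value near ULONG_MAX rather than -6, and the buggy loop never reaches its body; with the cast the index is -6, the `i < 0` clamp applies, `0 < -6` is false, and the loop proceeds. A file large enough that DIRECT_BLOCK exceeds the offset (for example 20000 bytes) never wraps and behaves the same with both macros, which is why the bug only bites on short files.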