freebsd kernel with SKQ
97f50d063c
code that says this: nfsm_request(vp, NFSPROC_FSSTAT, p, cred); if (v3) nfsm_postop_attr(vp, retattr); if (!error) nfsm_dissect(sfp, struct nfs_statfs *, NFSX_STATFS(v3)); The problem here is that if error != 0, nfsm_dissect() will not be called, which leaves sfp == NULL. But nfs_statfs() does not bail out at this point: it continues processing until it tries to dereference sfp, which causes a panic. I was able to generate this crash under the following conditions: 1) Set up a machine as an NFS server and NFS client, with amd running (using NIS maps). /usr/local is exported, though any exported fs can can be used to trigger the bug. 2) Log in as normal user, with home directory mounted from a SunOS 4.1.3 NFS server via amd (along with a few other NFS filesystems from same machine). 3) Su to root and type the following: # mount localhost:/usr/local /mnt # df To fix the panic, I changed the code to read: if (!error) { nfsm_dissect(sfp, struct nfs_statfs *, NFSX_STATFS(v3)); } else goto nfsmout; This is a bit kludgy in that nfsmout is a label defined by the nfsm_subs.h macros, but these macros are themselves more than a little kludgy. This stops the machine from crashing, but does not fix the overall bug: 'error' somehow becomes 5 (EIO) when a statfs() is performed on the locally mounted NFS filesystem. This seems to only happen the first time the filesystem is accesed: on subsequent accesses, it seems to work fine again. Now, I know there's no practical use in mounting a local filesystem via NFS, but doing it shouldn't cause the system to melt down. |
||
---|---|---|
bin | ||
contrib | ||
crypto | ||
eBones | ||
etc | ||
games | ||
gnu | ||
include | ||
lib | ||
libexec | ||
lkm | ||
release | ||
sbin | ||
secure | ||
share | ||
sys | ||
tools | ||
usr.bin | ||
usr.sbin | ||
COPYRIGHT | ||
Makefile | ||
README |
This is the top level of the FreeBSD source directory. This file was last revised on: $Id$ For copyright information, please see the file COPYRIGHT in this directory (additional copyright information also exists for some sources in this tree - please see the specific source directories for more information). The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree, the most commonly used one being ``world'', which rebuilds and installs everything in the FreeBSD system from the source tree except the kernel. Please see the top of the Makefile for more information on the standard build targets and compile-time flags. Building a kernel with config(8) is a somewhat more involved process, documentation for which can be found at: http://www.freebsd.org/handbook/kernelconfig.html And in the config(8) man page. The sample kernel configuration files reside in the sys/i386/conf sub-directory (assuming that you've installed the kernel sources), the file named GENERIC being the one used to build your initial installation kernel. The file LINT contains entries for all possible devices, not just those commonly used, and is meant more as a general reference than an actual kernel configuration file (a kernel built from it wouldn't even run). Source Roadmap: --------------- bin System/User commands. contrib Packages contributed by 3rd parties. eBones Kerberos package - NOT FOR EXPORT! etc Template files for /etc games Amusements. gnu Various commands and libraries under the GNU Public License. Please see gnu/COPYING* for more information. include System include files. lib System libraries. libexec System daemons. lkm Loadable Kernel Modules. release Release building Makefile & associated tools. sbin System commands. secure DES and DES-related utilities - NOT FOR EXPORT! share Shared resources. sys Kernel sources. tools Utilities for regression testing and miscellaneous tasks. usr.bin User commands. usr.sbin System administration commands. For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see: http://www.freebsd.org/handbook/synching.html