From owner-freebsd-current  Mon Jan 22  6:28:41 2001
Delivered-To: freebsd-current@freebsd.org
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16])
	by hub.freebsd.org (Postfix) with ESMTP id 3C87937B699
	for <current@freebsd.org>; Mon, 22 Jan 2001 06:28:21 -0800 (PST)
Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102])
	by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id BAA08374
	for <current@freebsd.org>; Tue, 23 Jan 2001 01:28:18 +1100
Date: Tue, 23 Jan 2001 01:28:11 +1100 (EST)
From: Bruce Evans <bde@zeta.org.au>
X-Sender: bde@besplex.bde.org
To: current@freebsd.org
Subject: current panics in mount(2)
Message-ID: <Pine.BSF.4.21.0101230059070.29544-100000@besplex.bde.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

My nfs server now always panics when it attempts to export ufs
filesystems.  This is caused by my mount(8) being slightly out of
date.  This shouldn't be a problem, but `struct export_args' contains
a `struct ucred' which contains a `struct mtx', so when `struct mtx'
shrunk by 1 pointer yesterday, the out of date mount(8) started
supplying garbage for all the export args following the ucred one.
FreeBSD does very little checking of the export args and panics in
the following malloc() in vfs_hang_addrlist():

	i = sizeof(struct netcred) + argp->ex_addrlen + argp->ex_masklen;
	np = (struct netcred *)malloc(i, M_NETADDR, M_WAITOK | M_ZERO);

ISTR a PR about lack of checking of export args.

Somehow there were few problems when `struct mtx' was added to
`struct ucred'.  The critical args were probably usually 0.

Bruce



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message