Date:      Thu, 25 Oct 2007 21:48:45 -0500
From:      Eric Anderson <anderson@freebsd.org>
To:        freebsd-current@freebsd.org
Subject:   panic: ffs_read: uio->uio_offset < 0  (NFS related)
Message-ID:  <4721558D.1040804@freebsd.org>

It appears that NFS cookies that are large, with bits past the 32bit 
range can be munged because the cookie type used is only 32bit when NFS 
cookies can be 64bit.  This can cause NFS problems at the least, and in 
the worst case, cause a kernel panic on the NFS server (see subject) if 
the result is a negative offset, which gets passed down directly into 
the underlying file system's readdir (in this case) function.  For UFS 
this causes a panic.

It looks like the two cookie variables need to be 64 bit types, but that 
would also require changing the VOP_READDIR arguments to also be 64bit, 
and that's a big change.

One way to stop the panic at least is to return BAD_COOKIE on cookies 
that would panic the box, since it is rare that a client would get that 
kind of cookie anyhow.

Thoughts?

Eric

Note that the code even comments on the 64bit need:

http://fxr.googlebit.com/source/sys/nfsserver/nfs_serv.c?v=8-CURRENT#L3450
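
The narrowing described in the message above, as an added example that is not part of the original e-mail and not the FreeBSD source. It models the server-side cookie variable as a signed 32-bit integer (an assumption) and classifies a 64-bit wire cookie before it is narrowed; all names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical classification for this sketch; not kernel constants. */
enum cookie_class {
    COOKIE_FITS,      /* value survives narrowing unchanged */
    COOKIE_MUNGED,    /* high bits lost, result is a different non-negative offset */
    COOKIE_NEGATIVE   /* result is negative: the case that reaches readdir and panics */
};

/* What a 32-bit signed variable holds after assignment from a 64-bit cookie.
 * The conversion keeps the low 32 bits on mainstream two's-complement compilers. */
static int32_t narrow_cookie(uint64_t wire_cookie)
{
    return (int32_t)(uint32_t)wire_cookie;
}

/* Decide, before using the offset, whether narrowing changed the cookie. */
static enum cookie_class classify_cookie(uint64_t wire_cookie)
{
    int32_t narrowed = narrow_cookie(wire_cookie);

    if (narrowed < 0)
        return COOKIE_NEGATIVE;
    if ((uint64_t)narrowed != wire_cookie)
        return COOKIE_MUNGED;
    return COOKIE_FITS;
}

int main(void)
{
    /* Constructed sample cookies, not taken from a real trace. */
    const uint64_t samples[] = {
        0x0000000000001000ULL, 0x0000000100000010ULL,
        0x0000000080000000ULL, 0xFFFFFFFFFFFFFFFFULL
    };
    static const char *names[] = { "fits", "munged", "negative" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("cookie 0x%016llx -> offset %ld (%s)\n",
               (unsigned long long)samples[i],
               (long)narrow_cookie(samples[i]),
               names[classify_cookie(samples[i])]);
    return 0;
}
```

Rejecting only `COOKIE_NEGATIVE` with a bad-cookie error corresponds to the stopgap proposed in the message; also rejecting `COOKIE_MUNGED` goes further than the message does.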
