Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 14 Jun 1999 21:21:43 -0700 (PDT)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        "David E. Cross" <crossd@cs.rpi.edu>, David Scheidt <dscheidt@enteract.com>, Chan Yiu Wah <c5666305@hkstar.com>, freebsd-current@FreeBSD.ORG
Subject:   NFS vnode reference issues on server
Message-ID:  <199906150421.VAA14439@apollo.backplane.com>
next in thread | raw e-mail | index | archive | help 

:>     Ack, you may have opened up a can of worms here.  I don't even think
:>     that nfs_namei() does the right thing when it returns an error... it
:>     doesn't look like it clears the ndp->ni_vp either in some error cases.
:> 
:>     We are going to have to instrument the code - basically means NULLing
:>     out ni_vp and any local vnode pointer when the vnode in question is
:>     released so we can keep track of it and putting KASSERT()s in strategic
:>     places.  nfs_namei() in nfs/nfs_subs.c and just about all the subroutines
:>     defined in nfs/nfs_serv.c.
:
:OK, you hijacked my thread ... OK, I've done worse, but please, could
:you change the subject line?  We *do* still have a ctm outage here, it's
:clearing up (I hope) but I want feedback, and you've prevented it.
 
     Oops, didn't even notice.  Fixed.

     Ok, something for people following the code to look over if they have 
     the time.  This in nfs_subs.c, nfs_namei().  Question:  ndp->ni_vp 
     is non-NULL and appears to be referenced as of the time a badlink
     occurs, linklen is 0, or the link is too long.  Do we have to 
     release ndp->ni_vp and NULL it out in this case?  I believe so.

	nfs_namei(...) {
	    ...
                if (error) {
                badlink:
			>>>>>>>>>> release/NULL ndp->ni_vp ??? <<<<<<<<<
                        if (ndp->ni_pathlen > 1)
                                zfree(namei_zone, cp);
                        break;
                }
                linklen = MAXPATHLEN - auio.uio_resid;
                if (linklen == 0) {
                        error = ENOENT;
                        goto badlink;
                }
                if (linklen + ndp->ni_pathlen >= MAXPATHLEN) {
                        error = ENAMETOOLONG;
                        goto badlink;
                }


					-Matt
					Matthew Dillon 
					<dillon@backplane.com>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906150421.VAA14439>