From owner-freebsd-bugs Sat Oct 3 10:40:19 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id KAA29855
        for freebsd-bugs-outgoing; Sat, 3 Oct 1998 10:40:19 -0700 (PDT)
        (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA29798
        for ; Sat, 3 Oct 1998 10:40:08 -0700 (PDT)
        (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
        by freefall.freebsd.org (8.8.8/8.8.5) id KAA22931;
        Sat, 3 Oct 1998 10:40:02 -0700 (PDT)
Received: (from nobody@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id KAA29338;
        Sat, 3 Oct 1998 10:37:19 -0700 (PDT)
        (envelope-from nobody)
Message-Id: <199810031737.KAA29338@hub.freebsd.org>
Date: Sat, 3 Oct 1998 10:37:19 -0700 (PDT)
From: dswartz@druber.com
To: freebsd-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: www-1.0
Subject: kern/8137: quotaoff followed by quotaon can crash system.
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         8137
>Category:       kern
>Synopsis:       quotaoff followed by quotaon can crash system.
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 3 10:40:01 PDT 1998
>Last-Modified:
>Originator:     Dan Swartzendruber
>Organization:
Swartzendruber Consulting, Inc.
>Release:        2.2.7-STABLE
>Environment:
FreeBSD www.kersur.net 2.2.7-STABLE FreeBSD 2.2.7-STABLE #2: Tue Sep 29 20:07:10 EDT 1998 root@mail.kersur.net:/usr/src/sys/compile/WWW i386
>Description:
Turning quotas off and back on can crash system.
>How-To-Repeat:
Boot a system with quotas on. Set a few with setquota. Turn quotas off with quotaoff. Turn them back on with quotaon. You may need to do a few more setquota commands. The system will crash at or around line 778 in ufs/ufs/ufs_quota.c with a kernel page fault.
>Fix:
I believe this is because when a dquot is released, it is threaded onto the freelist, but left hashed. When a dquot is needed, one will be taken from the freelist if possible. This code assumes that the dquot is still hashed in. Unfortunately, quotaoff() calls dquot_flush() which will unhash the dquot (so it is now on the freelist but is not hashed in). This causes a fault referencing the hash predecessor of the dquot we just took from the freelist.

Context diff follows:

*** ufs_quota.c Tue Jul 9 12:51:17 1996 --- /net/www/home/pammy/ufs_quota.c Sat Oct 3 13:25:05 1998 *************** *** 775,781 **** dp = dq->dq_forw; if (dp) dp->dq_back = dq->dq_back; ! *dq->dq_back = dp; } /* * Initialize the contents of the dquot structure. --- 775,783 ---- dp = dq->dq_forw; if (dp) dp->dq_back = dq->dq_back; ! dp = dq->dq_back; ! if (dp) ! dp->dq_forw = dq->dq_forw; } /* * Initialize the contents of the dquot structure.

>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
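
Review bot: In the replacement lines, `dp = dq->dq_back;` followed by `dp->dq_forw = dq->dq_forw;` treats dq_back as a pointer to a dquot, while the removed line `*dq->dq_back = dp;` stores through it as a pointer to a pointer. If the field keeps that type, the new assignment is a type mismatch, and for the first entry on a chain it would write into whatever holds the chain head as though it were a dquot. The NULL test also only helps if the flush path leaves dq_back NULL on unhashed entries, which this hunk does not show. Consider keeping the original store and guarding it, e.g. `if (dq->dq_back) *dq->dq_back = dp;`, putting the preceding `dp->dq_back = dq->dq_back;` under the same guard, and adding a comment that a dquot taken from the freelist may already be unhashed.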
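
The failure mode described under >Fix:, modelled in user space as an added example; this is not code from the PR or from the FreeBSD source. The struct layout and helper names are assumptions, dq_back is taken to be a pointer to a pointer (as the removed line `*dq->dq_back = dp;` suggests), and the convention that unhashing sets dq_back to NULL is this example's own.

```c
#include <stddef.h>

/* Simplified stand-in for a hashed dquot; layout assumed for this example. */
struct dquot {
    struct dquot *dq_forw;   /* next entry on the hash chain */
    struct dquot **dq_back;  /* slot that points at us; NULL when unhashed */
};

/* Link dq at the head of a hash bucket. */
static void dq_hash_insert(struct dquot **bucket, struct dquot *dq)
{
    dq->dq_forw = *bucket;
    if (dq->dq_forw)
        dq->dq_forw->dq_back = &dq->dq_forw;
    dq->dq_back = bucket;
    *bucket = dq;
}

/* Unlink dq; returns 0 without touching memory if it is not hashed. */
static int dq_hash_remove(struct dquot *dq)
{
    if (dq->dq_back == NULL)
        return 0;
    if (dq->dq_forw)
        dq->dq_forw->dq_back = dq->dq_back;
    *dq->dq_back = dq->dq_forw;
    dq->dq_forw = NULL;
    dq->dq_back = NULL;      /* mark unhashed so a later reuse can tell */
    return 1;
}

/* Model of reuse from the freelist: drop any hash linkage, then rehash. */
static void dq_reuse(struct dquot **bucket, struct dquot *dq)
{
    dq_hash_remove(dq);      /* no-op for an entry the flush already unhashed */
    dq_hash_insert(bucket, dq);
}

int main(void)
{
    struct dquot *bucket = NULL;
    struct dquot a = { NULL, NULL }, b = { NULL, NULL };
    dq_hash_insert(&bucket, &a);
    dq_hash_insert(&bucket, &b);
    dq_hash_remove(&a);      /* the flush on quotaoff unhashes both entries */
    dq_hash_remove(&b);
    dq_reuse(&bucket, &a);   /* quotaon: reuse without a stale-pointer write */
    return bucket == &a ? 0 : 1;
}
```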