From serge@jbj.org Mon Sep 8 19:29:11 1997
Received: from serge.jbj.org (serge.JBJ.ORG [198.178.231.60]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id TAA25698 for ; Mon, 8 Sep 1997 19:29:09 -0700 (PDT)
Received: (from serge@localhost) by serge.jbj.org (8.8.6/8.6.12) id WAA04878; Mon, 8 Sep 1997 22:29:07 -0400 (EDT)
Message-Id: <199709090229.WAA04878@serge.jbj.org>
Date: Mon, 8 Sep 1997 22:29:07 -0400 (EDT)
From: Serge Pashenkov
Reply-To: serge@jbj.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: df on a stale file system panics
X-Send-Pr-Version: 3.2

>Number: 4501
>Category: kern
>Synopsis: df on a stale file system panics
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: closed
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Sep 8 19:30:01 PDT 1997
>Closed-Date: Fri Oct 17 21:16:29 MEST 1997
>Last-Modified: Fri Oct 17 21:17:07 MEST 1997
>Originator: Serge Pashenkov
>Release: FreeBSD 2.2-STABLE i386
>Organization:
>Environment:
2.2 stable circa Sep 8
>Description:
On a server export something like /mnt with something mounted there (floppy would be just fine), mount it on 2.2 stable client, unmount /mnt on the server. Now, simple df panics the client.
>How-To-Repeat:
see description.
>Fix:
nfs_statfs() does not parse the packet quite right in case of a stale file handle. Local variable

	register struct nfs_statfs *sfp;

is assigned 0 and never reassigned the real value, but still gets used as a pointer later. I'm not sure how to really fix the problem for I don't quite grok nfsm_ macros, but following is a prop which just checks for 0 value of sfp. It fixes the panic, and actually I see no problems with that, but probably right fix is in the nfsm_ ...
RCS file: /spare/ncvs/src/sys/nfs/nfs_vfsops.c,v retrieving revision 1.30.2.4 diff -c -r1.30.2.4 nfs_vfsops.c *** nfs_vfsops.c 1997/05/14 08:19:29 1.30.2.4 --- nfs_vfsops.c 1997/09/02 13:49:13 *************** *** 245,250 **** --- 245,256 ---- nfsm_postop_attr(vp, retattr); if (!error) nfsm_dissect(sfp, struct nfs_statfs *, NFSX_STATFS(v3)); + + if (sfp == NULL) { + error = ESTALE; + goto nfsmout; + } + #ifdef __NetBSD__ #ifdef COMPAT_09 sbp->f_type = 2; >Release-Note: >Audit-Trail: State-Changed-From-To: open->feedback State-Changed-By: joerg State-Changed-When: Fri Oct 17 14:16:52 MEST 1997 State-Changed-Why: A slightly different fix has been merged from -current in rev 1.30.2.5. Please try whether this would also fix your problem. State-Changed-From-To: feedback->closed State-Changed-By: joerg State-Changed-When: Fri Oct 17 21:16:29 MEST 1997 State-Changed-Why: Fix confirmed. >Unformatted:
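Review bot: The added "if (sfp == NULL)" block sets error = ESTALE unconditionally, so whenever the preceding "if (!error) nfsm_dissect(...)" was skipped because error was already non-zero, the original error code is overwritten and every failure is reported to the caller as a stale handle. Testing error directly after nfsm_postop_attr() (for example "if (error) goto nfsmout;") would keep the real error value and make it explicit that sfp is only dereferenced after a successful dissect; if the NULL test is kept, assign ESTALE only when error is still 0. A one-line comment explaining why sfp can still be 0 at this point would also help the next reader, since the reason is hidden inside the nfsm_ macros.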