From owner-freebsd-hackers  Sun Oct  7 17:18:32 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7A8DA37B405; Sun,  7 Oct 2001 17:18:27 -0700 (PDT)
Received: (from dillon@localhost)
	by earth.backplane.com (8.11.6/8.11.2) id f980IQK01299;
	Sun, 7 Oct 2001 17:18:26 -0700 (PDT)
	(envelope-from dillon)
Date: Sun, 7 Oct 2001 17:18:26 -0700 (PDT)
From: Matt Dillon <dillon@earth.backplane.com>
Message-Id: <200110080018.f980IQK01299@earth.backplane.com>
To: Yevgeniy Aleynikov <eugenea@infospace.com>
Cc: Kirk McKusick <mckusick@mckusick.com>,
	Ian Dowse <iedowse@maths.tcd.ie>,
	Matt Dillon <dillon@earth.backplane.com>, peter@FreeBSD.ORG,
	ache@FreeBSD.ORG, Ken Pizzini <kenp@infospace.com>,
	hackers@FreeBSD.ORG
Subject: Re: bleh. Re: ufs_rename panic
References: <200110030610.f936AbR11859@beastie.mckusick.com> <3BBE3F7A.98FBC714@infospace.com>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

    Well, I've gone through hell trying to fix the rename()/rmdir()/remove()
    races and failed utterly.  There are far more race conditions then even
    my last posting indicated, and there are *severe* problems fixing NFS
    to deal with even Ian's suggestion... it turns out that NFS's nfs_namei()
    permanently adjusts the mbuf while processing the path name, making
    restarts impossible.

    The only solution is to implement namei cache path locking and formalize
    the 'nameidata' structure, which means ripping up a lot of code because
    nearly the entire code base currently plays with the contents of 
    'nameidata' willy-nilly.  Nothing else will work.  It's not something
    that I can consider doing now.

    In the mean time I am going to remove the panic()'s in question.  This
    means that in ufs_rename() the machine will silently ignore the race 
    (not do the rename) instead of panic.  It's all that can be done for
    the moment.  It solve the security/attack issue.  We'll have to attack
    the races as a separate issue.  The patch to remove the panics is utterly
    trivial and I will commit it after I test it.

						-Matt



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message