From owner-freebsd-hackers  Mon Apr 12 11:54:20 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137])
	by hub.freebsd.org (Postfix) with ESMTP
	id 25057155CE; Mon, 12 Apr 1999 11:54:16 -0700 (PDT)
	(envelope-from jkb@shell6.ba.best.com)
Received: (from jkb@localhost)
	by shell6.ba.best.com (8.9.3/8.9.2/best.sh) id LAA16357;
	Mon, 12 Apr 1999 11:50:45 -0700 (PDT)
Message-ID: <19990412115045.B8671@best.com>
Date: Mon, 12 Apr 1999 11:50:45 -0700
From: "Jan B. Koum " <jkb@best.com>
To: Matthew Dillon <dillon@apollo.backplane.com>,
	"David E. Cross" <crossd@cs.rpi.edu>
Cc: freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: increased crashing in NFS server
Mail-Followup-To: Matthew Dillon <dillon@apollo.backplane.com>,
	"David E. Cross" <crossd@cs.rpi.edu>, freebsd-hackers@FreeBSD.ORG,
	freebsd-security@FreeBSD.ORG
References: <199904110341.XAA17071@cs.rpi.edu> <199904110703.AAA03493@apollo.backplane.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <199904110703.AAA03493@apollo.backplane.com>; from Matthew Dillon on Sun, Apr 11, 1999 at 12:03:49AM -0700
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Apr 11, 1999 at 12:03:49AM -0700, Matthew Dillon <dillon@apollo.backplane.com> wrote:
> :I recently updated all of our FreeBSD3 clients to use NFSv3/UDP when
> :contacting our servers (FreeBSD3 of the same build tree).  We have
> :noticed an increase in crashing of our main home directory server 
> :(which is the only server really handling RW mounts, our other servers
> :are mostly RO, with some minor RW activity.)  The first crash was
> :obviously NFS.  I traced it to one of 2 possible crash points in the
> :kernel (sorry, no stack trace, we don't [yet] have a crashlogs enabled
> :for that machine.).
> :
> :The panic was:
> :mbuf siz=33476
> :panic: Bad nfs svc reply
> 
>     You are using a 32K file block size?  If so, reduce it to 8K.
> 
>     I think you've just shown us a security hole in the NFS system -- it
>     panics if it is given too large a response packet.  Oops.  It should
>     just print a message and drop the packet.

	This is not a new bug Matt :(
	Take a look at kern/6771 PR (still open).

-- Yan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message