From owner-freebsd-hackers Wed Jan 16 13:17:22 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11]) by hub.freebsd.org (Postfix) with SMTP id 8982C37B400; Wed, 16 Jan 2002 13:17:17 -0800 (PST)
Received: from gosset.maths.tcd.ie by salmon.maths.tcd.ie with SMTP id ; 16 Jan 2002 21:17:16 +0000 (GMT)
To: Matthew Dillon
Cc: Alfred Perlstein, "Alan L. Cox", FreeBSD-hackers@FreeBSD.ORG, re@FreeBSD.ORG
Subject: Re: Need review of NFS patch set for server .. missing/wrong vput() issues
In-Reply-To: Your message of "Wed, 16 Jan 2002 10:50:58 PST." <200201161850.g0GIowg68383@apollo.backplane.com>
Date: Wed, 16 Jan 2002 21:17:12 +0000
From: Ian Dowse
Message-ID: <200201162117.aa18236@salmon.maths.tcd.ie>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <200201161850.g0GIowg68383@apollo.backplane.com>, Matthew Dillon writes:
> NFS fix). I think Ian's mknod tests are a no-brainer. They should
> just go in, as should my mknod fix.

I agree here - Matt's mknod fix and the S_IFMT mode bits corruption
bug that I fixed are simple fixes and they are both effectively
remotely exploitable (but only if you are running an NFS server,
and generally only by hosts listed in /etc/exports). The first bug
causes all processes to get stuck in state `inode', and the second
causes filesystem corruption that requires a manual fsck to fix.
Matt's mknod bug occurred during normal operation, but the other
probably only happens with a hostile client.

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/nfsserver/nfs_serv.c
  mknod bug: revision 1.114
  S_IFMT bug: revision 1.113

> #1 Fix corruption that can occur if a RW mount is downgraded to RO
> #2 Fix spl confusion that can occur in ACQUIRE_LOCK*() softupdates
>    routines
> #3 Fix softupdates panic that can occur during heavy I/O
>    (see 'drain_output' calls in patch below)
>
> I have included Kirk's patch (for stable) below for review. It's a bit
> messy so I will note that the most important fix is #3 above, and it is
> a very simple and tiny portion of the below patch.

I'm not so sure about these. #3 looks simple on its own I suppose.
#1 has been around for years, and although annoying, the corruption
is simply that some blocks don't get freed until the next real fsck.
This fix was only committed to -current yesterday, and it has already
caused one problem there, so it's not looking too good from a gain
vs. risk POV :-) I'm not sure about #2 either; the patch isn't too
complex, but it's a bit strange.

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/ufs/ffs/ffs_softdep.c
  #2: 1.104
  #3: 1.103

BTW is the VDRAINED stuff in your patch just left over from something
else? It doesn't seem to be present in -current.

Ian