Date: Tue, 15 Jun 1999 01:32:15 -0700 (PDT)
From: Matthew Dillon
Message-Id: <199906150832.BAA15496@apollo.backplane.com>
To: "David E. Cross"
Cc: schimken@cs.rpi.edu, freebsd-hackers@FreeBSD.ORG
Subject: Re: NFSv3 fixes...
References: <199906150426.AAA24303@cs.rpi.edu>

:Who, me? Open a can of worms? ;) Heh!
:> We are going to have to instrument the code - basically means NULLing
:> out ni_vp and any local vnode pointer when the vnode in question is
:> released so we can keep track of it and putting KASSERT()s in strategic
:> places. nfs_namei() in nfs/nfs_subs.c and just about all the subroutines
:> defined in nfs/nfs_serv.c.
:
:That was along the lines of my thoughts too... it became painfully obvious
:that this sort of bug could be (and probably is) everywhere in the nfs
:server code. I will be happy to follow your lead on this (honored one
:may say). I am hoping to have some time to deal with this tonight, but I did
:just get my CD-RW drive. We should probably take the time to document the
:code some more while we are at it... simple things like commenting what
:braces go to what would have greatly eased my trace through the code :)
:
:--
:David Cross
:The source will be with you, always.

Well, I looked at the code some more. The bugs in nfs_namei() are easy to
fix. Unfortunately, I found some truly horrendous bugs in nfs_serv.c.
Sometimes 'dirp' is not properly released, there is a double-free of
nd.ni_cnd.cn_pnbuf in one place, sometimes nd.ni_startdir is not always
released. This is on top of the bugs you found with nd.ni_vp and nd.ni_dvp
not always being properly released!

The nfs_serv.c module is going to have to be seriously cleaned up, which
basically means a rewrite of the more complex procedures. I think I can do
it fairly easily, and comment it along the way.

-Matt
Matthew Dillon
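
The instrumentation discussed in this thread (NULL a pointer when its reference is released, assert at strategic places), as an added example that is not part of the original message and is not FreeBSD code. It is a userland C model that also routes every exit through one cleanup function, which is an assumption about how the cleanup could look; `struct obj`, `struct lookup`, `serve()` and the helper names are hypothetical, and only the field names vp, dvp, startdir and pnbuf echo the thread.

```c
#include <assert.h>
#include <stdlib.h>

/* Userland stand-in for a reference-counted vnode (hypothetical, not the kernel struct). */
struct obj { int refs; };
static int live_bufs;   /* outstanding path buffers, for leak checks */

static struct obj *obj_hold(struct obj *o) { o->refs++; return o; }

/* Drop a reference and NULL the caller's pointer so a stale use is detectable. */
static void obj_rele(struct obj **op) {
    assert(*op != NULL && (*op)->refs > 0);  /* trips on a double release */
    (*op)->refs--;
    *op = NULL;
}
static void pnbuf_free(char **bp) {
    assert(*bp != NULL);                     /* trips on a double free */
    free(*bp);
    *bp = NULL;
    live_bufs--;
}

/* Model of the lookup state, using the field names from the thread. */
struct lookup { struct obj *vp, *dvp, *startdir; char *pnbuf; };

/* Single cleanup path: releases whatever is still held, exactly once. */
static void lookup_cleanup(struct lookup *l) {
    if (l->vp) obj_rele(&l->vp);
    if (l->dvp) obj_rele(&l->dvp);
    if (l->startdir) obj_rele(&l->startdir);
    if (l->pnbuf) pnbuf_free(&l->pnbuf);
}

/* Simulated server procedure; fail_early forces the error exit. */
static int serve(struct obj *file, struct obj *dir, int fail_early) {
    struct lookup l = {0};
    int error = 0;
    if ((l.pnbuf = malloc(64)) == NULL) return -1;
    live_bufs++;
    l.startdir = obj_hold(dir);
    l.dvp = obj_hold(dir);
    if (fail_early) { error = -1; goto out; }
    l.vp = obj_hold(file);
    pnbuf_free(&l.pnbuf);   /* success path frees the buffer early */
out:
    lookup_cleanup(&l);     /* pnbuf is NULL if already freed, so no double free */
    assert(!l.vp && !l.dvp && !l.startdir && !l.pnbuf);
    return error;
}
int main(void) {            /* constructed inputs: one file and one directory object */
    struct obj f = {1}, d = {1};
    return (serve(&f, &d, 0) == 0 && serve(&f, &d, 1) == -1 && f.refs == 1) ? 0 : 1;
}
```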