From owner-freebsd-security  Sun Apr 11  0: 6:20 1999
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
	by hub.freebsd.org (Postfix) with ESMTP
	id DE1E714F4A; Sun, 11 Apr 1999 00:06:14 -0700 (PDT)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id AAA03493;
	Sun, 11 Apr 1999 00:03:49 -0700 (PDT)
	(envelope-from dillon)
Date: Sun, 11 Apr 1999 00:03:49 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199904110703.AAA03493@apollo.backplane.com>
To: "David E. Cross" <crossd@cs.rpi.edu>
Cc: freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: increased crashing in NFS server
References:  <199904110341.XAA17071@cs.rpi.edu>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:I recently updated all of our FreeBSD3 clients to use NFSv3/UDP when
:contacting our servers (FreeBSD3 of the same build tree).  We have
:noticed an increase in crashing of our main home directory server 
:(which is the only server really handling RW mounts, our other servers
:are mostly RO, with some minor RW activity.)  The first crash was
:obviously NFS.  I traced it to one of 2 possible crash points in the
:kernel (sorry, no stack trace, we don't [yet] have a crashlogs enabled
:for that machine.).
:
:The panic was:
:mbuf siz=33476
:panic: Bad nfs svc reply

    You are using a 32K file block size?  If so, reduce it to 8K.

    I think you've just shown us a security hole in the NFS system -- it
    panics if it is given too large a response packet.  Oops.  It should
    just print a message and drop the packet.

:The second panic just happened, it claims to be softupdate related.  I
:think it may have something to do with NFSv3 however since this machine
:used to be very stable (ie, not 2 crashes in a week).
:
:This panic was:
:panic: softdep_write_inodeblock: indirect pointer #0 mismatch 0 != 102192
:8
:syncing disks... panic: softdep_lock: locking against myself
:...
:        The Regents of the University of California. All rights reserved.
:FreeBSD 3.1-STABLE #0: Sun Mar 21 02:23:19 EST 1999
:    schimken@wobble.cs.rpi.edu:/usr/src/sys/compile/STAGGER
:...
:David Cross                                |   WinNT:Linux::Linux:FreeBSD

    This is when you built it.  When did you check the source out of the CVS
    tree?

    There have been a few commits in this area since Mar 21st, you definitely
    want to update your sources, but I don't think any of the commits address
    the above softupdates panic.  I've never seen that panic before.  

    I recommend fsck'ing all your filesystems from single-user just in case
    there's some garbage in there.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message