Date: Mon, 9 May 2005 21:33:23 -0700
From: Kris Kennaway
To: Billy Newsom
Cc: freebsd-stable@freebsd.org
Subject: Re: nfs bug & df: Can I lock up my kernel and overflow this buffer?
Message-ID: <20050510043323.GA50881@xor.obsecurity.org>
In-Reply-To: <4280353B.8050306@leadhill.net>

On Mon, May 09, 2005 at 11:14:51PM -0500, Billy Newsom wrote:
> Here's something pretty stupid about either the code in mount, df, or
> both. I'm on the verge of a denial of service if this lasts much
> longer.

Why do you think so?

> When I mount an nfs device more than once, I get this
> ridiculous output from df and mount:
>
> #df
> Filesystem  1K-blocks    Used   Avail Capacity  Mounted on
> /dev/ad0s1a    253678  137554   95830    59%    /
> devfs               1       1       0   100%    /dev
> /dev/ad0s1e    253678      18  233366     0%    /tmp
> /dev/ad0s1f   7782878 3273986 3886262    46%    /usr
> /dev/ad0s1d    253678  125386  107998    54%    /var
> devfs               1       1       0   100%    /var/named/dev
> dell:/nfs     8883912 4104516 4779396    46%    /dellbak
> dell:/nfs     8883912 4104516 4779396    46%    /dellbak
> dell:/nfs     8883912 4104516 4779396    46%    /dellbak
> dell:/nfs     8883912 4104516 4779396    46%    /dellbak
> dell:/nfs     8883912 4104516 4779396    46%    /dellbak
> dell:/nfs     8883912 4104516 4779396    46%    /dellbak

Why's it ridiculous? You mounted it more than once, so it appears
more than once in the list of mounted filesystems.

> * Look at the fsid for /dellbak below, using verbose output. Pretty odd.

Why is it odd? The fsid is by definition different for different
mounts.

Kris