From owner-freebsd-hackers Tue Jan 23 12:28:59 1996
Message-Id: <199601232022.OAA00356@mpp.minn.net>
Subject: Re: NFS trouble ?
To: m_tanaka@pa.yokogawa.co.jp (Mihoko Tanaka)
Date: Tue, 23 Jan 1996 14:22:58 -0600 (CST)
From: "Mike Pritchard"
Cc: freebsd-hackers@freebsd.org
In-Reply-To: <9601231404.AA28044@cabbage.pa.yokogawa.co.jp> from "Mihoko Tanaka" at Jan 23, 96 11:04:54 pm

Mihoko Tanaka wrote:
>
> Hello All,
>
> My friend is developing a program which seeks a file and reads it.
> Her program seeks a file with a wrong offset (i.e. the offset size is larger
> than the file size). It causes a panic.
>
> When a file is on a local disk, nothing happens.
> But when a file is on NFS, it panics every time.
>
> She uses FreeBSD-2.1.0R.

The problem also exists under FreeBSD-current. The problem is that nfs_bio
winds up doing a bogus computation when the current file offset is more than
a block beyond the end of the file, and it winds up trying to read up a few
terabytes of buffer memory. If someone would review the attached patch at the
end of this message, I'll go commit it.

> then
> off_t offset = 0x90000000 > 0
>
> I guess that lseek should return an error (EINVAL) when 'offset' is
> larger than the file size.
> What do you think ?

No, seeking past the end of the file is perfectly valid. The lseek man page
explains this.

Index: nfs_bio.c
===================================================================
RCS file: /usr/var/cvs/src/sys/nfs/nfs_bio.c,v
retrieving revision 1.21
diff -u -r1.21 nfs_bio.c
--- nfs_bio.c	1995/12/17 21:12:13	1.21
+++ nfs_bio.c	1996/01/23 20:03:38
@@ -240,7 +240,8 @@
 	 */
 again:
 	bufsize = biosize;
-	if ((lbn + 1) * biosize > np->n_size) {
+	if ((lbn + 1) * biosize > np->n_size &&
+	    (lbn + 1) * biosize - np->n_size < biosize) {
 		bufsize = np->n_size - lbn * biosize;
 		bufsize = (bufsize + DEV_BSIZE - 1) & ~(DEV_BSIZE - 1);
 	}
--
Mike Pritchard
mpp@minn.net
"Go that way. Really fast. If something gets in your way, turn"
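Review bot: the added clause `(lbn + 1) * biosize - np->n_size < biosize` in the hunk is correct but states the intent indirectly; it is algebraically the same as `lbn * biosize < np->n_size` (the block starts before EOF), which reads more directly and avoids a subtraction that only stays non-negative because the first `&&` operand guards it. Either way, a one-line comment above the `if` saying why the guard exists (without it, `np->n_size - lbn * biosize` underflows for any block starting beyond EOF and produces the huge bufsize described in the mail) would help the next reader; the pre-existing `/* */` comment closed just above the `again:` label does not mention it.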
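The bogus computation described above, modelled in user space as an added example (not FreeBSD kernel code): both predicates from the patch are applied to the same bufsize arithmetic, using the mail's names (lbn, biosize, n_size, DEV_BSIZE); the unsigned 64-bit sizes, the 8192-byte NFS block size and the 10000-byte file length are assumptions constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>

#define DEV_BSIZE 512   /* device block size, as in the kernel */

/* Buffer size for logical block lbn, as computed before the patch.
 * Any block whose end lies past n_size takes the "partial block" path,
 * so for a block that starts beyond EOF the unsigned subtraction wraps
 * and the rounded result is enormous. */
uint64_t bufsize_old(uint64_t lbn, uint64_t biosize, uint64_t n_size)
{
    uint64_t bufsize = biosize;
    if ((lbn + 1) * biosize > n_size) {
        bufsize = n_size - lbn * biosize;          /* wraps if lbn*biosize > n_size */
        bufsize = (bufsize + DEV_BSIZE - 1) & ~(uint64_t)(DEV_BSIZE - 1);
    }
    return bufsize;
}

/* Same arithmetic with the patched predicate: the partial-block path is
 * taken only when the block actually straddles EOF, so the subtraction
 * can never wrap and the result is at most biosize. */
uint64_t bufsize_new(uint64_t lbn, uint64_t biosize, uint64_t n_size)
{
    uint64_t bufsize = biosize;
    if ((lbn + 1) * biosize > n_size &&
        (lbn + 1) * biosize - n_size < biosize) {
        bufsize = n_size - lbn * biosize;          /* always <= biosize here */
        bufsize = (bufsize + DEV_BSIZE - 1) & ~(uint64_t)(DEV_BSIZE - 1);
    }
    return bufsize;
}

int main(void)
{
    const uint64_t biosize = 8192;                    /* constructed NFS block size */
    const uint64_t n_size  = 10000;                   /* constructed file length */
    const uint64_t far_lbn = 0x90000000ULL / biosize; /* the offset from the report */

    printf("block straddling EOF (lbn=1): old=%llu new=%llu\n",
           (unsigned long long)bufsize_old(1, biosize, n_size),
           (unsigned long long)bufsize_new(1, biosize, n_size));
    printf("block far past EOF (lbn=%llu): old=%llu new=%llu\n",
           (unsigned long long)far_lbn,
           (unsigned long long)bufsize_old(far_lbn, biosize, n_size),
           (unsigned long long)bufsize_new(far_lbn, biosize, n_size));
    return 0;
}
```

For the straddling block both versions agree (1808 bytes rounded up to 2048); for the block at offset 0x90000000 the old predicate yields a wrapped value just under 2^64 while the patched one returns a plain full block.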