From owner-cvs-all@FreeBSD.ORG Sun Dec 5 23:14:10 2004
From: Marcel Moolenaar
Date: Sun, 5 Dec 2004 15:14:08 -0800
To: "Poul-Henning Kamp"
cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/sys vnode.h src/sys/gnu/ext2fs ext2_vnops.c src/sys/nfsclient nfs_vnops.c src/sys/ufs/ufs ufs_vnops.c
In-Reply-To: <68666.1102286230@critter.freebsd.dk>
Message-Id: <5DA9481A-4713-11D9-A4F2-000D93C47836@xcllnt.net>

On Dec 5, 2004, at 2:37 PM, Poul-Henning Kamp wrote:

> In message <200412052230.iB5MUTZs021927@repoman.freebsd.org>, Marcel Moolenaar writes:
>> marcel      2004-12-05 22:30:29 UTC
>>
>>   FreeBSD src repository
>>
>>   Modified files:
>>     sys/sys              vnode.h
>>     sys/gnu/ext2fs       ext2_vnops.c
>>     sys/nfsclient        nfs_vnops.c
>>     sys/ufs/ufs          ufs_vnops.c
>>   Log:
>>   Fix null-pointer indirect function calls introduced in the previous
>>   commit.
>>   In the new world order, the transitive closure on the vector
>>   operations is not precomputed. As such, it's unsafe to actually use
>>   any of the function pointers in an indirect function call.
>
> Uhm not really.
>
> You'll notice that these three cases vector through a fifo_*specop*.
>
> The "specop" as opposed to "vnodeop", means that you're supposed to
> know what you're doing.
>
> Did you actually get a zero pointer deref on this ?

Yes, on vop_write(). See my posting to current@
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=895498+0+archive/2004/freebsd-current/20041205.freebsd-current

You need:
	rpcbind_enable=YES
	rpc_lockd_enable=YES
	rpc_statd_enable=YES
if you want to trigger the bug. The null-pointer dereference happens on
all platforms.

-- 
 Marcel Moolenaar	  USPA: A-39004		 marcel@xcllnt.net
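The failure mode discussed in the thread, as an added illustration (not FreeBSD code and not a model of its real struct vop_vector): when the closure over a vector's default chain is not precomputed, an inherited slot is simply NULL, so a direct indirect call through it faults, while a dispatcher that walks the vop_default chain finds the inherited implementation. The type names, the fifo_specops/default_vnodeops vectors and the return-value convention are assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed, simplified operation vector: one op slot plus a fallback vector.
 * A slot left NULL means "inherit from vop_default"; nothing fills it in. */
typedef int vop_write_t(const char *buf, size_t len);

struct vop_vector {
    const struct vop_vector *vop_default; /* fallback vector, may be NULL */
    vop_write_t *vop_write;               /* NULL when inherited */
};

static int default_write(const char *buf, size_t len)
{
    (void)buf;
    return (int)len;                      /* pretend all bytes were written */
}

/* Constructed vectors: the default set implements write; the specop-style
 * vector inherits it and therefore carries a NULL slot of its own. */
static const struct vop_vector default_vnodeops = { NULL, default_write };
static const struct vop_vector fifo_specops = { &default_vnodeops, NULL };
static const struct vop_vector orphan_ops = { NULL, NULL };

/* Safe dispatch: walk the vop_default chain until a non-NULL slot is found.
 * Returns EOPNOTSUPP when no vector in the chain implements the op. */
static int vop_write_apv(const struct vop_vector *v, const char *buf, size_t len)
{
    for (; v != NULL; v = v->vop_default)
        if (v->vop_write != NULL)
            return v->vop_write(buf, len);
    return EOPNOTSUPP;
}

/* The unsafe pattern from the commit log: calling the slot directly.
 * With fifo_specops this dereferences a NULL function pointer. */
static int vop_write_direct(const struct vop_vector *v, const char *buf, size_t len)
{
    return v->vop_write(buf, len);
}

/* Guard a caller can apply before choosing the direct call. */
static int vop_write_is_direct_callable(const struct vop_vector *v)
{
    return v->vop_write != NULL;
}

int main(void)
{
    printf("apv via fifo_specops: %d\n", vop_write_apv(&fifo_specops, "abc", 3));
    printf("direct callable? %d\n", vop_write_is_direct_callable(&fifo_specops));
    return 0;                             /* vop_write_direct deliberately not called */
}
```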