From owner-freebsd-fs@FreeBSD.ORG Mon Aug 30 09:35:20 2004
Date: Mon, 30 Aug 2004 02:35:20 -0700
From: Alfred Perlstein
To: fs@freebsd.org
Message-ID: <20040830093520.GL31434@elvis.mu.org>
Subject: prevent easy panics with invariants.

A patch like this (untested) is needed; otherwise a mess-up calling mount will panic the system way too easily.

Basically, vfs_freeopt will ASSERT:

KASSERT(opt->value == NULL && opt->len)

But because we set opt->len before we set opt->value, we blow up hard if there is an error in the nmount code path.

Index: vfs_mount.c =================================================================== RCS file: /home/ncvs/src/sys/kern/vfs_mount.c,v retrieving revision 1.138 diff -u -r1.138 vfs_mount.c --- vfs_mount.c 30 Jul 2004 22:08:52 -0000 1.138 +++ vfs_mount.c 30 Aug 2004 09:32:09 -0000 @@ -274,7 +274,7 @@ optlen = auio->uio_iov[i + 1].iov_len; opt->name = malloc(namelen, M_MOUNT, M_WAITOK); opt->value = NULL; - opt->len = optlen; + opt->len = 0; /* * Do this early, so jumps to "bad" will free the current 
@@ -308,6 +308,7 @@ goto bad; } if (optlen != 0) { + opt->len = optlen; opt->value = malloc(optlen, M_MOUNT, M_WAITOK); if (auio->uio_segflg == UIO_SYSSPACE) { bcopy(auio->uio_iov[i + 1].iov_base, opt->value,
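Review bot: In the @@ -274,7 hunk, `opt->len = 0;` now sits directly after `opt->value = NULL;`, which is what makes the INVARIANTS check in vfs_freeopt (a NULL value must carry a zero length) hold for every jump to `bad` taken before the value buffer exists. The comment that follows only says "Do this early, so jumps to "bad" will free the current ..."; extend it to state that `len` must stay zero for as long as `value` is NULL, so a later edit does not move the `opt->len = optlen` assignment back up here and reintroduce the panic.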
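Review bot: In the @@ -308,6 hunk, `opt->len = optlen;` is assigned before `opt->value = malloc(optlen, M_MOUNT, M_WAITOK);`, so for one statement the option has a non-zero length and a NULL value. That is harmless here, since an M_WAITOK malloc does not return NULL and nothing jumps to `bad` between the two lines, but swapping them (`opt->value = malloc(...);` then `opt->len = optlen;`) keeps the vfs_freeopt invariant true at every point and costs nothing. The message marks the patch untested; it should be confirmed on an INVARIANTS kernel by exercising the error paths that follow these lines (the hunk context shows only the UIO_SYSSPACE bcopy branch) and checking that vfs_freeopt no longer asserts.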