Message-Id: <20030215153639.A53449@dilbert.robbins.dropbear.id.au>
Date: Sat, 15 Feb 2003 15:36:39 +1100
From: Tim Robbins
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/48291: mmap()'d regions of smbfs files behave incorrectly after close()

>Number:         48291
>Category:       kern
>Synopsis:       mmap()'d regions of smbfs files behave incorrectly after close()
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 14 20:40:10 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Tim Robbins
>Release:        FreeBSD 4.7-RELEASE-p4 i386
>Organization:
The FreeBSD Project
>Environment:
System: FreeBSD 4.7 and 5.0 are both affected

>Description:
If a file on a smbfs mount is opened, part of it mapped in to memory with
mmap(), then the descriptor closed, reads and writes to/from the mapped region
will fail and cause a segmentation fault. This behaviour is incorrect
according to SUSv3:

(System Interfaces volume, Issue 6, page 773)
25284 The mmap( ) function shall add an extra reference to the file associated with the file descriptor
25285 fildes which is not removed by a subsequent close( ) on that file descriptor. This reference shall be
25286 removed when there are no more mappings to the file.

.. and breaks applications, such as gcc (cpp0) and thttpd.

>How-To-Repeat:
Try to compile GNU bash 2.05b on a smbfs mount, or try to serve files off
a smbfs share with thttpd.

>Fix:
The smbfs_close() vnode op is closing the file on the server, which causes
smbfs_getpages()/smbfs_putpages() to try to perform operations with an
invalid file handle. There are two possible solutions:

(a) Don't close the file handle on the server in smbfs_close(); let
    smbfs_inactive() close it instead.
(b) Reopen the file in smbfs_getpages() and smbfs_putpages(), write to it,
    then close it. This solution has a much higher overhead but it seems
    to be what Linux smbfs does.
>Release-Note:
>Audit-Trail:
>Unformatted: