From owner-freebsd-stable Thu Dec 7 16:40:25 2000
From owner-freebsd-stable@FreeBSD.ORG Thu Dec 7 16:40:17 2000
Return-Path:
Delivered-To: freebsd-stable@freebsd.org
Received: from pike.osd.bsdi.com (pike.osd.bsdi.com [204.216.28.222]) by hub.freebsd.org (Postfix) with ESMTP id 8504B37B400; Thu, 7 Dec 2000 16:40:17 -0800 (PST)
Received: from laptop.baldwin.cx (root@jhb-laptop.osd.bsdi.com [204.216.28.241]) by pike.osd.bsdi.com (8.11.1/8.9.3) with ESMTP id eB80dD735115; Thu, 7 Dec 2000 16:39:13 -0800 (PST) (envelope-from jhb@FreeBSD.org)
Message-ID:
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To:
Date: Thu, 07 Dec 2000 16:40:03 -0800 (PST)
From: John Baldwin
To: Jim Browne
Subject: Re: More on BTX halted / crashes trying to use -stable /boot/loa
Cc: freebsd-hackers@FreeBSD.org, freebsd-stable@FreeBSD.org, Matt Dillon, Mike Smith
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 08-Dec-00 Jim Browne wrote:
> At 16:02 -0800 12/7/00, Jim Browne wrote:
>>When TFTP tries to open a file, it is expecting struct open_file
>>member f_devdata to be a pointer to a socket number. When currdev
>>is "pxe", that assumption is correct. When currdev is "disk*", that
>>assumption is incorrect. Specifically, tftp.c does:
>>
>>tftpfile->iodesc = io = socktodesc(*(int *) (f->f_devdata));
>>
>>In my case, that often winds up making tftpfile->iodesc = 0. That
>>parameter is later passed in tftp_makereq to sendrecv as the iodesc,
>>which via sendudp (and possibly the ARP functions) winds up calling
>>netif_put. netif_put derefs the bogus iodesc to get a function
>>pointer for the put function of the network interface and calls it.
>>WHAM. QED. :)
>
> How does this look?
> > *** tftp.c Thu Dec 7 16:20:02 2000 > --- tftp2.c Thu Dec 7 16:20:55 2000 > *************** tftp_open(path, f) > *** 257,260 **** > --- 257,262 ---- > > tftpfile->iodesc = io = socktodesc(*(int *) (f->f_devdata)); > + if (io == NULL) > + return (EINVAL); > io->destip = servip; > tftpfile->off = 0;
>
> (I suppose I could have included this earlier. Ugh.)

Looks fine to me..

--
John Baldwin -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
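
Review bot: the new `if (io == NULL)` test runs only after `*(int *) (f->f_devdata)` has already been dereferenced on the line above it, so it catches the bad-descriptor result but not the wrong assumption about f_devdata that produces it. Per the analysis quoted earlier in the thread, when currdev is "disk*" f_devdata is not a pointer to a socket number, and the resulting iodesc is described as "often" 0, not always; a stray integer that happens to map to a live descriptor would pass this check and still reach sendrecv and netif_put. Consider rejecting the open before the dereference when the device is not a network device, and keeping the NULL test as a second line of defence. Separately, tftpfile is already being written to at this point, so if it was allocated earlier in tftp_open (not visible in this hunk) the early `return (EINVAL);` should release it first.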