Date: Thu, 29 Mar 2001 01:34:58 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
To: John Baldwin <jhb@FreeBSD.ORG>
Cc: Terry Lambert <tlambert@primenet.com>, current@FreeBSD.ORG
Subject: RE: Fun way to panic -current
Message-ID: <Pine.BSF.4.21.0103290119520.26647-100000@besplex.bde.org>
In-Reply-To: <XFMail.010328035902.jhb@FreeBSD.org>

On Wed, 28 Mar 2001, John Baldwin wrote:

> On 28-Mar-01 Terry Lambert wrote:
> > Run the 4.3 mountd on it.
> >
> > Boom!  Kernel memory allocation way too large; unrecoverable!

Does this really panic -current?  It panics old versions of -current,
and the -current mountd panics RELENG_4, but current versions of -current
are supposed to check the parameters passed by mountd (etc.) enough to
avoid the panic.

> Yes, struct ucred sucks.  In -current the userland now uses a static struct
> xucred that doesn't contain things like mutexes and thus mountd shouldn't crash
> in current anymore when struct ucred changes size.  Too bad we can't retrofit
> that. :(

But we did retrofit binary compatibility of ucred stuff.  struct xucred
in -current has the same size and layout as struct ucred in RELENG_4.
This should make old mountd's binary compatible with -current kernels
and -current mountd's compatible with RELENG_4 kernels.  However, the
binary compatibility of struct export_args was broken at the same time
that struct ucred was unbroken, by changing some fields from int to
char.  The -current mountd puts stack garbage in the padding after the
chars, and RELENG_4 kernels interpret the garbage as high bits and do
malloc(TOOBIG).  bzero()ing the struct in mountd "fixed" the problem.

Bruce
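
The padding problem described in the message above, as an added example that is not part of the original e-mail and is not FreeBSD code: a writer using a char field leaves garbage in the padding, and a reader built against the older int layout sees that garbage as high bits. The struct and field names, the 0xA5 fill standing in for stack garbage, and the MAX_LEN bound are assumptions for illustration; a little-endian machine with 4-byte int is assumed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts; not the real struct export_args fields. */
struct args_old { int flags; int len; };           /* reader: len is an int */
struct args_new { int flags; unsigned char len; }; /* writer: char + padding */

_Static_assert(sizeof(struct args_old) == sizeof(struct args_new),
               "sizes match, so the old reader accepts the buffer");

#define MAX_LEN 128 /* assumed sanity bound for the reader-side check */

/* Writer: fill a buffer that starts out as constructed "stack garbage".
 * zero_first models the bzero() added to mountd. */
static void writer_fill(unsigned char *buf, unsigned char len, int zero_first)
{
    int flags = 0;
    memset(buf, zero_first ? 0 : 0xA5, sizeof(struct args_new));
    memcpy(buf + offsetof(struct args_new, flags), &flags, sizeof flags);
    memcpy(buf + offsetof(struct args_new, len), &len, sizeof len);
}

/* Old reader: interpret the same bytes with the int layout. */
static int reader_len(const unsigned char *buf)
{
    struct args_old a;
    memcpy(&a, buf, sizeof a);
    return a.len;
}

/* Reader-side validation before the value reaches an allocator. */
int reader_len_ok(int len) { return len >= 0 && len <= MAX_LEN; }

/* Length the old reader sees when the writer meant 16. */
int observed_len(int zero_first)
{
    unsigned char buf[sizeof(struct args_new)];
    writer_fill(buf, 16, zero_first);
    return reader_len(buf);
}

int main(void)
{
    printf("garbage padding: len=%d ok=%d\n", observed_len(0), reader_len_ok(observed_len(0)));
    printf("zeroed struct:   len=%d ok=%d\n", observed_len(1), reader_len_ok(observed_len(1)));
    return 0;
}
```

Zeroing on the writer side and range-checking on the reader side are independent defenses; the reader-side check is the one that still holds when the writer is an older or foreign binary.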