From girgen@rambutan.pingpong.net  Tue Dec  7 11:56:16 2004
Return-Path: <girgen@rambutan.pingpong.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 556D416A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  7 Dec 2004 11:56:16 +0000 (GMT)
Received: from rambutan.pingpong.net (81.milagro.bahnhof.net [195.178.168.81])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6F33643D31
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  7 Dec 2004 11:56:15 +0000 (GMT)
	(envelope-from girgen@rambutan.pingpong.net)
Received: from rambutan.pingpong.net (localhost [127.0.0.1])
	by rambutan.pingpong.net (8.12.11/8.12.11) with ESMTP id iB7BuDhY077346
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 7 Dec 2004 12:56:13 +0100 (CET)
	(envelope-from girgen@rambutan.pingpong.net)
Received: (from girgen@localhost)
	by rambutan.pingpong.net (8.12.11/8.12.11/Submit) id iB7BuDHE077345;
	Tue, 7 Dec 2004 12:56:13 +0100 (CET)
	(envelope-from girgen)
Message-Id: <200412071156.iB7BuDHE077345@rambutan.pingpong.net>
Date: Tue, 7 Dec 2004 12:56:13 +0100 (CET)
From: Palle Girgensohn <girgen@freebsd.org>
Reply-To: Palle Girgensohn <girgen@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: df, nfs mount, negative Avail -> 32/64-bit confusion
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         74811
>Category:       amd64
>Synopsis:       [nfs] df, nfs mount, negative Avail -> 32/64-bit confusion
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    linimon
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 07 12:00:54 GMT 2004
>Closed-Date:    Sun Jan 27 08:37:18 UTC 2008
>Last-Modified:  Sun Jan 27 08:37:18 UTC 2008
>Originator:     Palle Girgensohn
>Release:        FreeBSD 5.3-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD rambutan.pingpong.net 4.10-RELEASE FreeBSD 4.10-RELEASE #2: Mon Jun 21 17:45:46 CEST 2004 girgen@banan.pingpong.net:/usr/obj/usr/src/sys/WORKSTATION i386


	
>Description:

using FreeBSD 5.3 amd64 as nfs client
      FreeBSD 4.10 i386 as nfs server

when a disk is filled up over 100%, Avail becomes negative on the
server, but hugely postive on the 64-bit platform. Not very
surprising, but still a bug... :)

4.10 i386 server:
Filesystem         1K-blocks     Used   Avail Capacity  Mounted on
/dev/da6s1f         17388202 16153532 -156386   101%    /dumps/0

5.3  amd64 client:
Filesystem                    1K-blocks     Used             Avail Capacity  Mounted on
banan:/dumps/0                 17388202 16153532 18014398509325598     0%    /mnt


	
>How-To-Repeat:
1. fill up a volume on FreeBSD 4.10 i386 to 101%
2. nfs mount this system on a FreeBSD 5.3 amd64 system
3. df on the 5.3 amd64 system reveals LOTS of space on the volume. :)

	
>Fix:

	


>Release-Note:
>Audit-Trail:

From: Bruce Evans <bde@zeta.org.au>
To: Palle Girgensohn <girgen@freebsd.org>
Cc: FreeBSD-gnats-submit@freebsd.org, freebsd-amd64@freebsd.org
Subject: Re: amd64/74811: df, nfs mount, negative Avail -> 32/64-bit confusion
Date: Fri, 10 Dec 2004 11:25:42 +1100 (EST)

 On Tue, 7 Dec 2004, Palle Girgensohn wrote:
 
 > >Description:
 >
 > using FreeBSD 5.3 amd64 as nfs client
 >       FreeBSD 4.10 i386 as nfs server
 
 The combination of client and server is critical for demonstrating this
 bug.  Broken servers don't implement negative avail counts.  FreeBSD-5's
 server was broken in rev.1.140 of nfs_serv.c to "fix" the problem
 reported in this PR.  FreeBSD-4's server remains unbroken.
 
 > when a disk is filled up over 100%, Avail becomes negative on the
 > server, but hugely postive on the 64-bit platform. Not very
 > surprising, but still a bug... :)
 >
 > 4.10 i386 server:
 > Filesystem         1K-blocks     Used   Avail Capacity  Mounted on
 > /dev/da6s1f         17388202 16153532 -156386   101%    /dumps/0
 >
 > 5.3  amd64 client:
 > Filesystem                    1K-blocks     Used             Avail Capacity  Mounted on
 > banan:/dumps/0                 17388202 16153532 18014398509325598     0%    /mnt
 
 This is caused by sign extension/overflow bugs in nfs_vfsops.c.  From
 the version in FreeBSD-5.3 (rev.1.158):
 
 % 	u_quad_t tquad;
 % ...
 % 			tquad = fxdr_hyper(&sfp->sf_abytes);
 % 			if (((long)(tquad / bsize) > LONG_MAX) ||
   			     ^^^^^^^^^^^^^^^^^^^^^
 % 			    ((long)(tquad / bsize) < LONG_MIN))
   			     ^^^^^^^^^^^^^^^^^^^^^
 % 				continue;
 % 			sbp->f_bavail = tquad / bsize;
 % 			                ^^^^^^^^^^^^^
 
 -156386 1K-blocks is passed by the server as (uint64_t)(-156386 * 1024) =
 (2**64 - 156386 * 1024).  It needs to be converted back to a signed
 quantity before dividing it by bsize, but this is not done.  tquad is
 still (2**64 - 156386 * 1024).  bsize is always 512 in FreeBSD-5.3
 (**).  The division gives the wrong value (2**55 - 156386 * 2).  This
 is passed back to userland.  It is a block count in 512-blocks, so df
 divides it by 2 to convert to 1K-blocks.  The final value printed is
 (2**54 - 156386) = 18014398509325598.
 
 The magic number 18014398509325598 is easy to recognize.  2**64 is
 1844..., so huge values starting with the digits 18 are often
 misrepresentations of small negative values converted to uint64_t.
 Here the value is 1801... instead of 1844..., and on closer examination
 has 3 fewer digits.  It is just the corresponding 1844... value divided
 by 2**10 = 1024 to convert to 1K-blocks.  Applications like df could
 recognize such magic numbers (not so) similarly and fix them up, but
 shouldn't have to.
 
 (*) Other aspects of this bug include the code that doubles bsize
 actually being executed in some versions of FreeBSD on some machines,
 including -current on i386's.  It is broken and gives a kernel panic
 for division by bsize = 0 for about half of all possible values for
 negative available space, including all values that are likely to occur
 (small negative ones).  See PR 56606 for more details of older aspects
 of this bug suite.  There are many newer ones.
 
 Bruce
State-Changed-From-To: open->feedback 
State-Changed-By: linimon 
State-Changed-When: Tue Sep 18 00:35:32 UTC 2007 
State-Changed-Why:  
To submitter: is this bug still present in 6.2 or -current?  If it's a 
4.x-only problem, it's time to close it, since 4.x is no longer supported. 


Responsible-Changed-From-To: freebsd-amd64->linimon 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Tue Sep 18 00:35:32 UTC 2007 
Responsible-Changed-Why:  

http://www.freebsd.org/cgi/query-pr.cgi?pr=74811 

From: Palle Girgensohn <girgen@pingpong.net>
To: bug-followup@FreeBSD.org, girgen@freebsd.org
Cc:  
Subject: Re: amd64/74811: [nfs] df, nfs mount, negative Avail -&gt;
 32/64-bit confusion
Date: Tue, 18 Sep 2007 16:59:24 +0200

 I don't have a similar set-up anymore, so I cannot test this, but I'm 
 pretty sure you can close it.
State-Changed-From-To: feedback->closed 
State-Changed-By: linimon 
State-Changed-When: Sun Jan 27 08:36:56 UTC 2008 
State-Changed-Why:  
It sounds as though this problem is now OBE. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=74811 
>Unformatted:
