From trost@cloud.rain.com Tue Mar  9 21:31:00 1999
Message-Id: <19990310052800.556.qmail@grey.cloud.rain.com>
Date: 10 Mar 1999 05:28:00 -0000
From: trost@cloud.rain.com
Reply-To: trost@cloud.rain.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: can't exec files under nullfs
X-Send-Pr-Version: 3.2

>Number:         10520
>Category:       kern
>Synopsis:       can't exec files under nullfs
>Confidential:   no
>Severity:       critical
>Priority:       low
>Responsible:    bp
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar  9 21:40:01 PST 1999
>Closed-Date:    Mon Jun 25 21:29:13 PDT 2001
>Last-Modified:  Mon Jun 25 21:31:00 PDT 2001
>Originator:     Bill Trost
>Release:        FreeBSD 4.0-CURRENT i386
>Organization:
Trost Computing
>Environment:

Pentium-class machine, nullfs as a loadable kernel module, cvsup'd as
of the afternoon (PST) of 3/8/1999.  I don't know what else you might want,
but I have RCS'd a copy of the kernel config in case that would be useful.

>Description:

Exec'ing programs via a nullfs mount can result in the program not
running or the OS crashing.

>How-To-Repeat:

Two different failure modes:

	for d in src obj; do mount -t null /mnt/usr/$d /usr/$d; done
	cd /usr/src
	make buildworld

"make buildworld" fails when it first tries to execute the bootstrap make,
to the tune of the make program not being in the right format.

The more dramatic failure is accomplished by:

	mount /tmp/foo /tmp/bar
	cp /usr/bin/true /tmp/bar/
	/tmp/bar/true

This causes a kernel page fault:

	fault addr = 0x40
	fault code = supervisor read, page not present
	interrupt mask = net bio cam
	trap # = 12

ddb traceback says:

	ffs_getpages + 0x108
	_end at 0xf07944b5
	vnode_pager_getpages
	exec_map_first_page
	execve
	syscall

I can provide more detail if that would be useful.

>Fix:
	
Nothing beyond "Don't do that."


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->bp 
Responsible-Changed-By: phantom 
Responsible-Changed-When: Sun Oct 22 07:35:41 PDT 2000 
Responsible-Changed-Why:  
One more victim for the nullfs guru

http://www.freebsd.org/cgi/query-pr.cgi?pr=10520 
State-Changed-From-To: open->closed 
State-Changed-By: bp 
State-Changed-When: Mon Jun 25 21:29:13 PDT 2001 
State-Changed-Why:  
Most of the nullfs bugs are fixed in -current and RELENG_4.
Files can now be executed from a nullfs mount.


>Unformatted:
