From andre@albsmeier.net  Tue Jun  5 19:31:27 2007
Return-Path: <andre@albsmeier.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 6834416A421
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  5 Jun 2007 19:31:27 +0000 (UTC)
	(envelope-from andre@albsmeier.net)
Received: from outside.albsmeier.net (outside.albsmeier.net [80.81.31.28])
	by mx1.freebsd.org (Postfix) with ESMTP id EF5EA13C44C
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  5 Jun 2007 19:31:26 +0000 (UTC)
	(envelope-from andre@albsmeier.net)
Received: from dipb140784.dig-prov.de (dipb140784.dig-prov.de [195.238.139.22])
	(authenticated bits=128)
	by outside.albsmeier.net (8.14.1/8.14.1) with ESMTP id l55JHuub087935
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 5 Jun 2007 21:17:57 +0200 (CEST)
	(envelope-from andre@albsmeier.net)
Received: from voyager.home.albsmeier.net (root@voyager.home.albsmeier.net [192.168.128.2])
	by gate.home.albsmeier.net (8.14.1/8.14.1) with ESMTP id l55JHu0F065207
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 5 Jun 2007 21:17:56 +0200 (CEST)
	(envelope-from andre@gate.home.albsmeier.net)
Received: from voyager.home.albsmeier.net (andre@localhost [127.0.0.1])
	by voyager.home.albsmeier.net (8.14.1/8.14.1) with ESMTP id l55JHtcg037342
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 5 Jun 2007 21:17:56 +0200 (CEST)
	(envelope-from andre@voyager.home.albsmeier.net)
Received: (from andre@localhost)
	by voyager.home.albsmeier.net (8.14.1/8.14.1/Submit) id l55JHtjn037341;
	Tue, 5 Jun 2007 21:17:55 +0200 (CEST)
	(envelope-from andre)
Message-Id: <200706051917.l55JHtjn037341@voyager.home.albsmeier.net>
Date: Tue, 5 Jun 2007 21:17:55 +0200 (CEST)
From: Andre Albsmeier <andre@albsmeier.net>
Reply-To: Andre Albsmeier <andre@albsmeier.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] possibly improper MFC in sys/nfsclient/nfs_socket.c
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         113387
>Category:       kern
>Synopsis:       [PATCH] possibly improper MFC in sys/nfsclient/nfs_socket.c
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    mohans
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 05 19:40:02 GMT 2007
>Closed-Date:    Fri Jun 08 16:51:47 GMT 2007
>Last-Modified:  Fri Jun  8 17:00:09 GMT 2007
>Originator:     Andre Albsmeier
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
>Environment:

System: FreeBSD 6.2-STABLE #0: Thu May 17 14:17:47 CEST 2007

>Description:

Rev 1.138 of nfs_socket.c fixed some bugs in -current:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/nfsclient/nfs_socket.c.diff?r1=1.137;r2=1.138

Rev 1.139 apparently was a fix to the previous commit:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/nfsclient/nfs_socket.c.diff?r1=1.138;r2=1.139

If I understand the code correctly, Rev 1.138 introduced a
new, corrected way of calculating "len" but the result was
ineffective because the subsequent 'bcopy(mtod(mp,...' line
was not removed. This was fixed by Rev 1.139.

Later, the first patch was MFC'ed to -STABLE:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/nfsclient/nfs_socket.c.diff?r1=1.125.2.10;r2=1.125.2.11

However, the 'bcopy(mtod(mp,...' line is still in STABLE's
version of nfs_socket.c what seems to be wrong.

>How-To-Repeat:

Examine the links above and/or sys/nfsclient/nfs_socket.c

>Fix:

In RELENG_6:

--- sys/nfsclient/nfs_socket.c.ORI	Wed Feb 28 16:42:10 2007
+++ sys/nfsclient/nfs_socket.c	Tue Jun  5 20:56:02 2007
@@ -922,7 +922,6 @@
 				    nmp->nm_mountp->mnt_stat.f_mntfromname);
 				goto mark_reconnect;
 			}				
-			bcopy(mtod(mp, u_int32_t *), &len, sizeof(len));
 			len = ntohl(len) & ~0x80000000;
 			m_freem(mp);
 			/*

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->mohans 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu Jun 7 23:36:00 UTC 2007 
Responsible-Changed-Why:  
mohans: it does indeed seem from reading the CVS log that 1.138 was MFCed 
but 1.139 (which fixed 1.138) was not.  Can you take a look at this, please? 
All the related commits are yours.  Thanks. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=113387 
State-Changed-From-To: open->closed 
State-Changed-By: jhb 
State-Changed-When: Fri Jun 8 16:51:30 UTC 2007 
State-Changed-Why:  
Fix applied, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=113387 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/113387: commit references a PR
Date: Fri,  8 Jun 2007 16:51:26 +0000 (UTC)

 jhb         2007-06-08 16:51:20 UTC
 
   FreeBSD src repository
 
   Modified files:        (Branch: RELENG_6)
     sys/nfsclient        nfs_socket.c 
   Log:
   MFC 1.139: Fix a snafu in the changes in 1.138.
   
   PR:             kern/113387
   Submitted by:   Andre Albsmeier
   
   Revision    Changes    Path
   1.125.2.15  +0 -1      src/sys/nfsclient/nfs_socket.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
