From peter@spinner.DIALix.COM  Sat Mar 22 21:46:31 1997
Received: from spinner.DIALix.COM (peter@spinner.dialix.com [192.203.228.67])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id VAA24320
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 22 Mar 1997 21:46:25 -0800 (PST)
Received: (from peter@localhost)
          by spinner.DIALix.COM (8.8.5/8.8.5) id NAA00425;
          Sun, 23 Mar 1997 13:46:19 +0800 (WST)
Message-Id: <199703230546.NAA00425@spinner.DIALix.COM>
Date: Sun, 23 Mar 1997 13:46:19 +0800 (WST)
From: Peter Wemm <peter@spinner.DIALix.COM>
Reply-To: peter@spinner.DIALix.COM
To: FreeBSD-gnats-submit@freebsd.org
Subject: nfs server link() handler panics with non-recursive lock reentry
X-Send-Pr-Version: 3.2

>Number:         3064
>Category:       kern
>Synopsis:       nfs server link() handler panics with non-recursive lock reentry
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 22 21:50:02 PST 1997
>Closed-Date:    Mon Mar 24 21:22:01 PST 1997
>Last-Modified:  Mon Mar 24 21:22:34 PST 1997
>Originator:     Peter Wemm
>Release:        FreeBSD 3.0-CURRENT i386
>Organization:
Not.
>Environment:

A very -current system, but it's been happening since the Lite2 merge.

FreeBSD spinner.DIALix.COM 3.0-CURRENT FreeBSD 3.0-CURRENT #187: Sun Mar 23 01:43:29 WST 1997     peter@spinner.DIALix.COM:/home/src/sys/compile/SPINNER  i386

>Description:

Any machine can crash a -current system that exports filesystems to it.
The nfs_link() code on the server tries to re-acquire a non-recursive lock
when the destination filename already exists.

>How-To-Repeat:

$ cd /nfs/3_0_current_machine/anywhere_writeable
$ touch xx yy
$ ln -f xx yy

At this point, the 3.0-current machine panics with "locking against myself"
meaning that it's tried to reacquire a lock that is not LK_RECURSIVE.

I found this when sharing a .Xauthority file between two machines over
local nfs. xauth(1) triggers the bug, especially when ssh does X11
tunneling/xauth forwarding.

>Fix:
	
Not known.. I don't understand vnode locking under lite2 well enough.
>Release-Note:
>Audit-Trail:

From: Peter Wemm <peter@spinner.DIALix.COM>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Re: kern/3064: nfs server link() handler panics with non-recursive lock reentry
Date: Sun, 23 Mar 1997 15:07:32 +0800

 > >Fix:
 > 	
 > Not known.. I don't understand vnode locking under lite2 well enough.
 
 It seems the panic is happening within VOP_LINK(), so nfsrv_link() doesn't 
 appear to be setting up the locking properly when the target file exists.  
 
 panic: lockmgr: locking against myself: pid %d
 #0  0xf01152f7 in boot ()
 (kgdb) where
 #0  0xf01152f7 in boot ()
 #1  0xf010162e in db_fncall ()
 #2  0xf0101365 in db_command ()
 #3  0xf01014e2 in db_command_loop ()
 #4  0xf0103cc8 in db_trap ()
 #5  0xf01b9b0b in kdb_trap ()
 #6  0xf01c2654 in trap ()
 #7  0xf01b9d09 in Debugger ()
 #8  0xf01155ca in panic ()
 #9  0xf0110922 in lockmgr ()
 #10 0xf01a4e2b in ufs_lock ()
 #11 0xf013a7d3 in vn_lock ()
 #12 0xf01a37cb in ufs_link ()
 #13 0xf0167f30 in nfsrv_link ()
 #14 0xf0178538 in nfssvc_nfsd ()
 #15 0xf0177d58 in nfssvc ()
 #16 0xf01c3097 in syscall ()
 
 Interestingly, it looks like nfsrv_link() is supposed to be checking for 
 the existence of the target file, but that's not clear.
 
 Cheers,
 -Peter
 
 
State-Changed-From-To: open->closed 
State-Changed-By: peter 
State-Changed-When: Mon Mar 24 21:22:01 PST 1997 
State-Changed-Why:  
Fixed in ref 1.39 of nfs_serv.c, VOP_LINK() args reversed. 
>Unformatted:
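
Added illustration, not part of the original report and not FreeBSD kernel code: a user-space C model of the bug class named in the closing note, where two same-typed vnode arguments are passed in the wrong order and the callee re-locks a vnode the caller already holds under a non-recursive lock. All model_* names and the locking contract of model_link() are assumptions made for the example.

```c
#include <stdio.h>

/* Simplified model; every name here is hypothetical, not FreeBSD's. */
enum { LOCK_OK = 0, LOCK_AGAINST_MYSELF = 1, LOCK_BUSY = 2 };
struct model_lock  { int held; int owner; };   /* owner = pid while held */
struct model_vnode { struct model_lock lk; };

/* Non-recursive exclusive lock: a second request by the current owner is an
 * error. The report shows lockmgr() panicking at this point; the model
 * returns a code instead so the caller can observe it. */
static int model_lock_acquire(struct model_lock *l, int pid)
{
    if (l->held)
        return l->owner == pid ? LOCK_AGAINST_MYSELF : LOCK_BUSY;
    l->held = 1;
    l->owner = pid;
    return LOCK_OK;
}

static void model_lock_release(struct model_lock *l) { l->held = 0; }

/* Assumed callee contract: tdvp is the target directory and arrives locked
 * by the caller; vp is the file being linked and arrives unlocked, so the
 * callee locks it itself for the duration of the operation. */
static int model_link(struct model_vnode *tdvp, struct model_vnode *vp, int pid)
{
    int rc = model_lock_acquire(&vp->lk, pid);
    (void)tdvp;                   /* directory update omitted in the model */
    if (rc != LOCK_OK)
        return rc;
    model_lock_release(&vp->lk);
    return LOCK_OK;
}

/* Caller: locks the directory as a lookup would, then calls the link op.
 * Both parameters share one type, so the compiler accepts either order;
 * swapped != 0 passes them reversed. */
int model_server_link(int swapped)
{
    struct model_vnode dir = {{0, 0}}, file = {{0, 0}};
    int pid = 100, rc;
    if (model_lock_acquire(&dir.lk, pid) != LOCK_OK)
        return -1;
    rc = swapped ? model_link(&file, &dir, pid) : model_link(&dir, &file, pid);
    model_lock_release(&dir.lk);
    return rc;
}

int main(void)
{
    printf("correct=%d reversed=%d\n", model_server_link(0), model_server_link(1));
    return 0;
}
```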
