From nobody  Tue Mar 25 18:54:03 1997
Received: (from nobody@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id SAA07959;
          Tue, 25 Mar 1997 18:54:03 -0800 (PST)
Message-Id: <199703260254.SAA07959@freefall.freebsd.org>
Date: Tue, 25 Mar 1997 18:54:03 -0800 (PST)
From: hannibal@cyberstation.net
To: freebsd-gnats-submit@freebsd.org
Subject: Cannot execute files on a nullfs filesystem.
X-Send-Pr-Version: www-1.0

>Number:         3104
>Category:       kern
>Synopsis:       Cannot execute files on a nullfs filesystem.
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 25 19:00:01 PST 1997
>Closed-Date:    Thu Sep 18 11:33:28 PDT 1997
>Last-Modified:  Thu Sep 18 11:33:46 PDT 1997
>Originator:     Dan Walters
>Release:        FreeBSD 3.0-CURRENT (post-Lite/2 merge)
>Organization:
Cyberstation, Inc.
>Environment:
FreeBSD hell.hia.org 3.0-CURRENT FreeBSD 3.0-CURRENT #0: Tue Mar 25 03:58:42 CST 1997     hannibal@hell.hia.org:/usr/src/sys/compile/HELL  i386

P133 with AHA2940
>Description:
Executing binaries on a nullfs (or nullfs-based) filesystem results in
a trap - looks like the image header is supposed to be loaded in with
vm_mmap(), but the address is invalid by the time exec_aout_imgact()
tries to examine it.  (I assume mmap() doesn't work either, but havn't
checked.)

(kgdb) info stack
...
#7  0xf018f11f in trap_fatal (frame=0xefbffaf0) at ../../i386/i386/trap.c:738
#8  0xf018ec18 in trap_pfault (frame=0xefbffaf0, usermode=0) at ../../i386/i386/trap.c:653
#9  0xf018e8b7 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -272630788, tf_esi = 0, 
      tf_ebp = -272630844, tf_isp = -272631016, tf_ebx = 1, tf_edx = 12, tf_ecx = -272630660, 
      tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -165861213, tf_cs = 8, tf_eflags = 66118, 
      tf_esp = 0, tf_ss = 2}) at ../../i386/i386/trap.c:311
#10 0xf61d28a3 in ?? ()
#11 0xf018022a in vnode_pager_haspage (object=0xf21bbb00, pindex=0, before=0xefbffc80, 
    after=0xefbffc7c) at vnode_if.h:879
#12 0xf017f6af in vm_pager_has_page (object=0xf21bbb00, offset=0, before=0xefbffc80, 
    after=0xefbffc7c) at ../../vm/vm_pager.c:209
#13 0xf0175b41 in vm_fault_additional_pages (m=0xf097a7d8, rbehind=3, rahead=4, marray=0xefbffd18, 
    reqpage=0xefbffcec) at ../../vm/vm_fault.c:1102
#14 0xf0174f0a in vm_fault (map=0xf1eecd00, vaddr=4126949376, fault_type=1 '\001', change_wiring=0)
    at ../../vm/vm_fault.c:418
#15 0xf018ebc8 in trap_pfault (frame=0xefbffd98, usermode=0) at ../../i386/i386/trap.c:642
#16 0xf018e8b7 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -272630120, tf_esi = -168017920, 
      tf_ebp = -272630272, tf_isp = -272630336, tf_ebx = 0, tf_edx = -233398528, 
      tf_ecx = -272630120, tf_eax = -267369760, tf_trapno = 12, tf_err = 0, tf_eip = -267369737, 
      tf_cs = 8, tf_eflags = 66178, tf_esp = 0, tf_ss = 0}) at ../../i386/i386/trap.c:311
#17 0xf01042f7 in exec_aout_imgact (imgp=0xefbffe98) at ../../kern/imgact_aout.c:58
#18 0xf010a6bf in execve (p=0xf21bac00, uap=0xefbfff94, retval=0xefbfff84)
    at ../../kern/kern_exec.c:197
#19 0xf018f3d7 in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 410632, tf_esi = 499848, 
      tf_ebp = -272650580, tf_isp = -272629788, tf_ebx = 135147616, tf_edx = 499880, 
      tf_ecx = 410632, tf_eax = 59, tf_trapno = 12, tf_err = 7, tf_eip = 134868577, tf_cs = 31, 
      tf_eflags = 658, tf_esp = -272650600, tf_ss = 39}) at ../../i386/i386/trap.c:890
...
(kgdb) frame 17
#17 0xf01042f7 in exec_aout_imgact (imgp=0xefbffe98) at ../../kern/imgact_aout.c:58
58              struct vmspace *vmspace = imgp->proc->p_vmspace;
(kgdb) p *imgp
$1 = {proc = 0xf21bac00, uap = 0xefbfff94, vp = 0xf2195a80, attr = 0xefbffe38, 
  image_header = 0xf5fc4000 <Address 0xf5fc4000 out of bounds>, 
  stringbase = 0xf5ec4000 <Address 0xf5ec4000 out of bounds>, 
  stringp = 0xf5ec4000 <Address 0xf5ec4000 out of bounds>, stringspace = 65536, argc = 0, envc = 0, 
  entry_addr = 0, vmspace_destroyed = 0 '\000', interpreted = 0 '\000', 
  interpreter_name = "\000\0000\016\b\000\237\026\000/\027\002+\000\000\003\000\000\000\000K\000\000\005\000 \004\177\000\e\0004\r\000\000\000\000\001\000\000\0004\225\223\000\000\000\000\003\e\000", auxargs = 0x0}

>How-To-Repeat:
mount -t null /usr/bin /mnt
cd /mnt
./id
>Fix:

>Release-Note:
>Audit-Trail:

From: Dan Walters <hannibal@cyberstation.net>
To: freebsd-gnats-submit@freebsd.org, hannibal@cyberstation.net
Cc:
Subject: Re: kern/3104: Cannot execute files on a nullfs filesystem.
Date: Wed, 2 Apr 1997 03:36:01 -0600 (CST)

 I (eventually) managed to figure this one out.  The fix is pretty simple:
 
 Index: src/sys/miscfs/nullfs/null_vnops.c
 ===================================================================
 RCS file: /usr/cvs/src/sys/miscfs/nullfs/null_vnops.c,v
 retrieving revision 1.16
 diff -c -r1.16 null_vnops.c
 *** null_vnops.c	1997/02/22 09:40:22	1.16
 --- null_vnops.c	1997/04/02 09:16:31
 ***************
 *** 330,336 ****
   			goto out;
   		vppp = VOPARG_OFFSETTO(struct vnode***,
   				 descp->vdesc_vpp_offset,ap);
 ! 		error = null_node_create(old_vps[0]->v_mount, **vppp, *vppp);
   	}
   
    out:
 --- 330,337 ----
   			goto out;
   		vppp = VOPARG_OFFSETTO(struct vnode***,
   				 descp->vdesc_vpp_offset,ap);
 ! 		if (*vppp)
 ! 			error = null_node_create(old_vps[0]->v_mount, **vppp, *vppp);
   	}
   
    out:
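 Review bot: with the new `if (*vppp)` guard, a NULL vpp leaves `error` at whatever value it held before this block; the hunk does not show where `error` is assigned (the `goto out` above suggests it carries the lower layer's return value), so confirm it is not stale at this point rather than silently returning an unrelated status for the BMAP case. A one-line comment noting that callers such as VOP_BMAP legitimately pass a NULL vpp would keep the reason for the guard next to the code instead of only in this mail.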
 
 The problem occurred with the first VOP_BMAP in vnode_pager_haspage(),
 which gives a NULL vpp.  The same change also needs to be made to umapfs;
 I believe unionfs is OK, though.
 
 If somebody actually reads this, e-mail me to let me know that I don't
 need to send this to -hackers for someone to see it.  :)
 
 ======================================================================
 Dan Walters
 hannibal@cyberstation.net
 ======================================================================
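A constructed C model of the bypass logic the patch above corrects, added here as an example (it is not FreeBSD's null_bypass() nor Dan Walters' code): an upper vnode is mapped to its lower twin, the lower op runs, and the vnode it returns is re-wrapped only when the caller supplied an output slot, which a BMAP-style caller does not. The structures, `bypass()` and `run_bypass()` are hypothetical simplifications of the real vnode-op plumbing.

```c
#include <stdlib.h>

/* Hypothetical, much-simplified model of a stacking filesystem's bypass
 * routine, constructed for this example (not FreeBSD's null_bypass()). */
struct vnode { struct vnode *lower; int id; };
/* Argument block as a vnode op receives it: the caller's upper vnode plus an
 * optional output slot (vpp) that some ops, such as BMAP, leave NULL. */
struct vop_args { struct vnode *vp; struct vnode **vpp; };

/* Lower-layer op: hands back a new lower vnode only when asked for one. */
static int lower_op(struct vop_args *ap) {
    if (ap->vpp == NULL) return 0;
    struct vnode *nv = calloc(1, sizeof *nv);
    if (nv == NULL) return 12;                   /* ENOMEM */
    nv->id = ap->vp->id + 100;
    *ap->vpp = nv;
    return 0;
}

/* Wrap a lower vnode in an upper one (stands in for null_node_create()). */
static int node_create(struct vnode *lowervp, struct vnode **vpp) {
    struct vnode *up = calloc(1, sizeof *up);
    if (up == NULL) return 12;
    up->lower = lowervp;
    up->id = lowervp->id + 1000;
    *vpp = up;
    return 0;
}

/* Map the upper vnode to its lower twin, run the op, then re-wrap whatever the
 * lower layer returned. The vpp test is the PR's fix: before it, *vpp was
 * dereferenced even when the caller had passed no output slot. */
int bypass(struct vop_args *ap) {
    struct vnode *old_vp = ap->vp;
    ap->vp = old_vp->lower;
    int error = lower_op(ap);
    ap->vp = old_vp;
    if (error == 0 && ap->vpp != NULL)
        error = node_create(*ap->vpp, ap->vpp);
    return error;
}
/* Driver: id of the re-wrapped vnode, or -1 when no vpp was supplied (the
 * BMAP-style call that the unguarded code crashed on). */
int run_bypass(int want_vpp) {
    struct vnode lower = { NULL, 1 }, upper = { &lower, 2 };
    struct vnode *out = NULL;
    struct vop_args ap = { &upper, want_vpp ? &out : NULL };
    if (bypass(&ap) != 0) return -2;
    return out != NULL ? out->id : -1;
}
```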
 
State-Changed-From-To: open->closed 
State-Changed-By: phk 
State-Changed-When: Thu Sep 18 11:33:28 PDT 1997 
State-Changed-Why:  
applied in nullfs and umapfs. 
>Unformatted:
