From nobody@FreeBSD.org  Thu Oct 25 07:58:27 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id BC13337B405
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 25 Oct 2001 07:58:26 -0700 (PDT)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f9PEwQv35935;
	Thu, 25 Oct 2001 07:58:26 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200110251458.f9PEwQv35935@freefall.freebsd.org>
Date: Thu, 25 Oct 2001 07:58:26 -0700 (PDT)
From: Maxim Katargin <kmv@asplinux.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Panic in sysctl_sysctl_next_ls on empy node
X-Send-Pr-Version: www-1.0

>Number:         31490
>Category:       kern
>Synopsis:       [sysctl] [patch] Panic in sysctl_sysctl_next_ls on empy node
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 25 08:00:01 PDT 2001
>Closed-Date:    Fri Nov 16 21:33:35 UTC 2007
>Last-Modified:  Fri Nov 16 21:33:35 UTC 2007
>Originator:     Maxim Katargin
>Release:        4.4
>Organization:
>Environment:
FreeBSD walder.asplinux.ru 4.4-RELEASE FreeBSD 4.4-RELEASE #1: Mon Sep 17 13:29:51 MSD 2001 root@walder.asplinux.ru:/usr/obj/ext/release-4.4/src/sys/WALDER  i386
>Description:
Panic in sysctl_sysctl_next_ls on empy node.
>How-To-Repeat:

>Fix:
Index: kern/kern_sysctl.c
===================================================================
RCS file: /ext/vcvs/src/sys/kern/kern_sysctl.c,v
retrieving revision 1.92.2.5
diff -u -r1.92.2.5 kern_sysctl.c
--- kern/kern_sysctl.c  2001/06/18 23:48:13     1.92.2.5
+++ kern/kern_sysctl.c  2001/10/25 14:54:42
@@ -528,7 +528,9 @@
        int *next, int *len, int level, struct sysctl_oid **oidpp)
 {
        struct sysctl_oid *oidp;
+       int isnamelen;

+       isnamelen = namelen ? 1 : 0
        *len = level;
        SLIST_FOREACH(oidp, lsp, oid_link) {
                *next = oidp->oid_number;
@@ -572,7 +574,7 @@
                        len, level+1, oidpp))
                        return (0);
        next:
-               namelen = 1;
+               namelen = isnamelen;
                *len = level;
        }
        return 1;

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: iedowse 
State-Changed-When: Sun Dec 1 11:58:48 PST 2002 
State-Changed-Why:  

Could you provide some information about how to repeat the problem 
that the patch is supposed to fix? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=31490 

From: Hiten Pandya <hiten@angelica.unixdaemons.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/31490: Panic in sysctl_sysctl_next_ls on empy node
Date: Tue, 3 Dec 2002 09:56:11 -0500

 Hi there.
 
 This bug happens in 5.0-CURRENT, and it seems that it is a very old bug.
 I have some test code, which was devised by me to find this bug, when it
 was discussed by me, Brian Feldman and Robert Watson; it happened in the
 MAC_DEBUG code.
 
 Test code: http://www.unixdaemons.com/~hiten/work/misc/sysctlbug1.c
 I have attached the test case, and an updated patch with this followup.
 
 TEST CASE:
 ==========
 %----
 /*
  * Code for reproducing Sysctl (empty node) bug.
  */
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/sysctl.h>
 #include <sys/kernel.h>
 #include <sys/module.h>
 
 static int bug_load(module_t, int, void *);
 
 SYSCTL_DECL(_bugfoo);
 
 SYSCTL_NODE(, 0, bugfoo, CTLFLAG_RW, 0, "Bugfoo and Family");
 SYSCTL_NODE(_bugfoo, OID_AUTO, mac, CTLFLAG_RW, 0, "Bugfoo and Family");
 SYSCTL_NODE(_bugfoo_mac, OID_AUTO, debug, CTLFLAG_RW, 0, "BF [1]");
 SYSCTL_NODE(_bugfoo_mac_debug, OID_AUTO, counters, CTLFLAG_RW, 0, "BF [2]");
 
 static int	mac_debug_label_fallback = 0;
 SYSCTL_INT(_bugfoo_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW,
 &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label"
 "when label is corrupted.");
 
 TUNABLE_INT("bugfoo.mac.debug_label_fallback", &mac_debug_label_fallback);
 
 /* Module initialisation stuff */
 static moduledata_t bugctl_mod = {
 	"bugctl",
 	bug_load,
 	0
 };
 
 static int
 bug_load(module_t mod, int cmd, void *arg)
 {
     int  err = 0;
 
     switch (cmd) {
     case MOD_LOAD:
 
 		printf("Sysctl Bug Manipulation\n");
 		break;          /* Success*/
 	    
     case MOD_UNLOAD:
 	    
 		break;          /* Success */
 	
     default: 
 	err = EINVAL;
         break;
     }
 
     return(err);
 }
 
 /* Now declare the module to the system */
 DECLARE_MODULE(bugctl, bugctl_mod, SI_SUB_DRIVERS, SI_ORDER_MIDDLE);
 ----%
 
 UPDATED PATCH:
 ==============
 
 Index: kern_sysctl.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/kern/kern_sysctl.c,v
 retrieving revision 1.135
 diff -u -r1.135 kern_sysctl.c
 --- kern_sysctl.c	2002/10/27 07:12:34	1.135
 +++ kern_sysctl.c	2002/12/03 14:51:07
 @@ -538,7 +538,10 @@
  	int *next, int *len, int level, struct sysctl_oid **oidpp)
  {
  	struct sysctl_oid *oidp;
 +	int i_namelen;
  
 +	i_namelen = namelen ? 1 : 0;
 +	
  	*len = level;
  	SLIST_FOREACH(oidp, lsp, oid_link) {
  		*next = oidp->oid_number;
 @@ -585,7 +588,7 @@
  			len, level+1, oidpp))
  			return (0);
  	next:
 -		namelen = 1;
 +		namelen = i_namelen;
  		*len = level;
  	}
  	return 1;
 
 Cheers.
 
 -- 
 Hiten Pandya (hiten@unixdaemons.com, hiten@uk.FreeBSD.org)
 http://www.unixdaemons.com/~hiten/
State-Changed-From-To: feedback->closed 
State-Changed-By: kmacy 
State-Changed-When: Fri Nov 16 21:33:10 UTC 2007 
State-Changed-Why:  

No longer present. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=31490 
>Unformatted:
