From root@khavrinen.lcs.mit.edu  Wed Nov 30 13:32:26 1994
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.26.0.162]) by freefall.cdrom.com (8.6.8/8.6.6) with ESMTP id NAA21007 for <FreeBSD-gnats-submit@freefall.cdrom.com>; Wed, 30 Nov 1994 13:27:10 -0800
Received: (from root@localhost) by khavrinen.lcs.mit.edu (8.6.9/8.6.6) id QAA00255; Wed, 30 Nov 1994 16:27:09 -0500
Message-Id: <199411302127.QAA00255@khavrinen.lcs.mit.edu>
Date: Wed, 30 Nov 1994 16:27:09 -0500
From: wollman@khavrinen.lcs.mit.edu
Reply-To: wollman@khavrinen.lcs.mit.edu
To: FreeBSD-gnats-submit@freefall.cdrom.com
Subject: nullfs and union mounts can result in wild pointer refs
X-Send-Pr-Version: 3.2

>Number:         34
>Category:       kern
>Synopsis:       nullfs and union mounts can result in wild pointer refs
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    davidg
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 30 13:40:00 1994
>Closed-Date:    Fri May 23 10:12:44 PDT 1997
>Last-Modified:  Fri May 23 10:13:15 PDT 1997
>Originator:     Garrett A. Wollman
>Release:        FreeBSD 2.0.1-Development i386
>Organization:
MIT Laboratory for Computer Science
>Environment:

	-current kernel as of today
	union mounts as follows:
	mount -t null -o rw,union /home/src2 /usr/src
	mount -t null -o rw,union /usr/local/src3 /usr/src
	(NB: ports lives in /usr/local/src3)

>Description:

	Trying to make `xv' in /usr/src/ports/x11/xv causes a bogus memory
	reference in both static and dynamic nullfs kernels:

	_null_bypass+0x48: movl 0x18(%eax),%eax
	
	%eax here is zero.  The panic happens when patch is attempting
	to apply the patches.

>How-To-Repeat:

	Log into my system and try to compile `xv'.

>Fix:
	
	Work-around is to compile in /usr/local/src3/ports/x11/xv
	(I hope)


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: core->davidg 
Responsible-Changed-By: pst 
Responsible-Changed-When: Tue Feb 6 22:08:44 PST 1996 
Responsible-Changed-Why:  
David, is this bug still valid? If so, could you pass it off to the right 
person? 
State-Changed-From-To: open->closed 
State-Changed-By: dfr 
State-Changed-When: Fri May 23 10:12:44 PDT 1997 
State-Changed-Why:  
This problem doesn't show up in current.  It was either fixed by Lite2 or 
by kato@freebsd.org's fixes to nullfs and unionfs. 
>Unformatted:


