From dk@dao.genesyslab.com  Thu Nov 20 02:18:55 1997
Received: from nirvana.genesyslab.com (nirvana.genesyslab.com [204.94.142.10])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id CAA26615
          for <FreeBSD-gnats-submit@freebsd.org>; Thu, 20 Nov 1997 02:18:55 -0800 (PST)
          (envelope-from dk@dao.genesyslab.com)
Received: from dao.genesyslab.com (Dao.genesyslab.com [204.94.142.146]) by nirvana.genesyslab.com (Guinness/Extra Stout) with ESMTP id CAA23227 for <FreeBSD-gnats-submit@freebsd.org>; Thu, 20 Nov 1997 02:18:48 -0800 (PST)
Received: (from dk@localhost) by dao.genesyslab.com (8.8.5/8.7.3) id CAA20081; Thu, 20 Nov 1997 02:18:49 -0800 (PST)
Message-Id: <199711201018.CAA20081@dao.genesyslab.com>
Date: Thu, 20 Nov 1997 02:18:49 -0800 (PST)
From: dk@farm.org
Reply-To: dk@farm.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: we can crash netapp by weird mount options
X-Send-Pr-Version: 3.2

>Number:         5102
>Category:       kern
>Synopsis:       freebsd NFS client with obscure mount options crash netapp server
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    peter
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 20 02:20:01 PST 1997
>Closed-Date:    Wed May 20 01:09:01 PDT 1998
>Last-Modified:  Wed May 20 01:12:45 PDT 1998
>Originator:     Dmitry Kohmanyuk
>Release:        FreeBSD 2.2-STABLE i386
>Organization:
FARM Computing Association
>Environment:

I use 2.2-stable with NFS in kernel.  the same bug should
exist in 3.0 (the code fragment didn't change).

>Description:

quote mail message:

 <<<
this is only relevant to those using NetApp NFS file servers.

background:

there are 2 versions of NFS in town, v2 and v3.  In v3, one of
things introduced was ability to read names of files in directory
with stat(2)ing them at the same time;  the procedure name is 
readdirplus.  It can be used to speed up programs like ls(1).

Apparently, NFS code in FreeBSD 2.2 (derived from 4.4BSD code, so
perhaps this applies to all of modern BSD systems here) allow client
to specify this in mount options without using NFS v3.

This meaningless set of options panics NetApp file server.
 >>>

>How-To-Repeat:

fstab entry:
filer:/dir	/nfs/dir	nfs	noauto,rw,nodev,-2,-l,-i,-b 0 0

of those, the combination of -2 and -l (ell) is important.

of course, this is not our problem that the server crashes. 
the problem is that the client sends illegal requests using NFS v2.
using the same mount flags with SunOS 4.1.x results in no files
visible in mounted directory.

>Fix:

tested on 2.2, should apply on -current too (this code fragment didn't change)

--- nfs_bio.c.ok	Wed Nov  5 20:11:17 1997
+++ nfs_bio.c	Wed Nov  5 20:14:06 1997
@@ -1031,6 +1031,8 @@
 	    case VDIR:
 		nfsstats.readdir_bios++;
 		uiop->uio_offset = ((u_quad_t)bp->b_lblkno) * NFS_DIRBLKSIZ;
+		if (!(nmp->nm_flag & NFSMNT_NFSV3))
+			nmp->nm_flag &= ~NFSMNT_RDIRPLUS;	/* dk@farm.org */
 		if (nmp->nm_flag & NFSMNT_RDIRPLUS) {
 			error = nfs_readdirplusrpc(vp, uiop, cr);
 			if (error == NFSERR_NOTSUPP)

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: steve 
State-Changed-When: Sat Mar 28 08:06:16 PST 1998 
State-Changed-Why:  
Patch committed to -current. 


Responsible-Changed-From-To: freebsd-bugs->steve 
Responsible-Changed-By: steve 
Responsible-Changed-When: Sat Mar 28 08:06:16 PST 1998 
Responsible-Changed-Why:  
Flames to me is this doesn't work. 
State-Changed-From-To: feedback->closed 
State-Changed-By: peter 
State-Changed-When: Wed May 20 01:09:01 PDT 1998 
State-Changed-Why:  
Slightly different changes applied to -current and -stable, revs 1.61 of 
nfs_vfsops.c and 1.30.2.6. 


Responsible-Changed-From-To: steve->peter 
Responsible-Changed-By: peter 
Responsible-Changed-When: Wed May 20 01:09:01 PDT 1998 
Responsible-Changed-Why:  
Blame me if I broke it again.. 
>Unformatted:
Dmitry Kohmanyuk
