netbsd-bugs: kern/5140: if network mountroot fails, interface remains configured

Subject: kern/5140: if network mountroot fails, interface remains configured
To: None <gnats-bugs@gnats.netbsd.org>
From: None <cgd@NetBSD.ORG>
List: netbsd-bugs
Date: 03/09/1998 16:49:42
>Number:         5140
>Category:       kern
>Synopsis:       if network mountroot fails, interface remains configured
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Mar  9 17:05:01 1998
>Last-Modified:
>Originator:     Chris G. Demetriou
>Organization:
Kernel Hackers 'r' Us
>Release:        NetBSD-current as of March 3, 1998.
>Environment:
System: NetBSD brick.demetriou.com 1.3D NetBSD 1.3D (BRICK) #36: Wed Feb 18 21:00:25 PST 1998 cgd@brick.demetriou.com:/usr/src/sys/arch/i386/compile/BRICK i386
(the actual system which demonstrated the problem was an alpha.)


>Description:
	Logically, the mountroot functions should have no side-effects
	on error.  If network (nfs) mountroot fails, the interface used
	to try to do the mountroot remains configured, instead of being
	unconfigured.

	This can lead to a situation where the machine is pingable,
	etc., but is sitting at the "root device:"  prompt.

	It can also lead to a network interface being incorrectly
	configured if a different root device is chosen.

>How-To-Repeat:
	Try to net-boot a system, but set things up so that the
	NFS mountroot fails for some reason.  (In my case, I observed
	the problem when I had only BOOTP boot support compiled into
	the kernel and the root path wouldn't fit into the bootp
	reply packet being sent by the server.  In that case, the
	kernel was able to configure the interface's IP address,
	etc., and respond to pings, but mountroot failed.)

	Note that the interface can remain configured, respond to
	pings, etc., even when you've returned to the "root device:"
	prompt.

	Similarly, note that if booting single-user, if you try a
	NFS mountroot that fails in the fashion described above then
	go on to try a different mountroot (e.g. ffs) that succeeds,
	the interface will remain up.  (Note that I've not actually
	verified that this happens, because I don't have a file
	system on my disk right now...  but it should, given the
	symptoms.)  If the startup scripts don't reconfigure the
	network interface, this can be an annoyance and is a
	potential security problem.

>Fix:
	Undo the interface configuration if the mountroot fails.

	This would be easier to do (you'd only have to do it once,
	rather than once for the dhcp code and once for the
	bootparam code) if the ioctl-calling network configuration
	code were shared between the NFS dhcp and bootparam
	configuration functions, but even as is it should be a
	relatively simple (and duplicated!) job for someone familiar
	with the code.  "I'm not," and I didn't even attempt it.
>Audit-Trail:
>Unformatted: