netbsd-bugs: kern/28194: portalfs broken, missing call to unp

Subject: kern/28194: portalfs broken, missing call to unp_externalize?
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Andrew Brown <atatat@atatdot.net>
List: netbsd-bugs
Date: 11/11/2004 03:13:00

>Number:         28194
>Category:       kern
>Synopsis:       portalfs broken, missing call to unp_externalize?
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Nov 11 03:13:00 +0000 2004
>Originator:     TheMan
>Release:        2.99.10
>Organization:
none
>Environment:
	
System: NetBSD this 2.99.10 NetBSD 2.99.10 (THAT) #357: Wed Nov 10 19:39:12 EST 2004  andrew@this:/usr/src/sys/arch/i386/compile/THAT i386


>Description:

	portalfs makes machine panic.  i've dug through the code and
	it seems that the fd that mount_portal passes back to
	portal_open is processed by unp_internalize() but is somehow
	missing a pass through unp_externalize(), so portal_open()
	ends up using the pointer to the struct file as if it were a
	file descriptor.

>How-To-Repeat:

	mount a portalfs and use it?

>Fix:

	not sure yet.  i'm filing this so that someone else can try to
	take a whack at this while i try to figure it out myself.