Subject: Re: kern/34648: Kernel panic when using NFS root and configuring an
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Elad Efrat <elad@NetBSD.org>
List: netbsd-bugs
Date: 09/30/2006 10:30:02 
The following reply was made to PR kern/34648; it has been noted by GNATS.

From: Elad Efrat <elad@NetBSD.org>
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
Cc: gnats-bugs@NetBSD.org
Subject: Re: kern/34648: Kernel panic when using NFS root and configuring an
 interface that needs firmware
Date: Sat, 30 Sep 2006 13:27:13 +0200

 This is a multi-part message in MIME format.
 
 --Boundary_(ID_f7yPnOkye6SCbWj9Ar2dYQ)
 Content-type: text/plain; charset=ISO-8859-1
 Content-transfer-encoding: 7BIT
 
 YAMAMOTO Takashi wrote:
 >> Hi,
 >>
 >> I'm not sure that's the cause for this panic, but it's possible that
 >> it happens because we pass FSCRED from firmware_open() which the NFS
 >> code then tries to dereference.
 > 
 > i think you're right.
 > i have no idea why firmload uses FSCRED.
 > 
 > YAMAMOTO Takashi
 
 I attached the patch I sent to Nino for testing.
 
 -e.
 
 -- 
 Elad Efrat
 
 --Boundary_(ID_f7yPnOkye6SCbWj9Ar2dYQ)
 Content-type: text/plain; name=firmload.c.diff
 Content-transfer-encoding: 7BIT
 Content-disposition: inline; filename=firmload.c.diff
 
 Index: firmload.c
 ===================================================================
 RCS file: /cvsroot/src/sys/dev/firmload.c,v
 retrieving revision 1.3
 diff -u -p -r1.3 firmload.c
 --- firmload.c	14 May 2006 21:42:26 -0000	1.3
 +++ firmload.c	29 Sep 2006 21:10:24 -0000
 @@ -258,17 +258,17 @@ firmware_open(const char *drvname, const
  
  	vp = nd.ni_vp;
  
 -	error = VOP_GETATTR(vp, &va, FSCRED, curlwp);
 +	error = VOP_GETATTR(vp, &va, kauth_cred_get(), curlwp);
  	if (error) {
  		VOP_UNLOCK(vp, 0);
 -		(void)vn_close(vp, FREAD, FSCRED, curlwp);
 +		(void)vn_close(vp, FREAD, kauth_cred_get(), curlwp);
  		firmware_handle_free(fh);
  		return (error);
  	}
  
  	if (va.va_type != VREG) {
  		VOP_UNLOCK(vp, 0);
 -		(void)vn_close(vp, FREAD, FSCRED, curlwp);
 +		(void)vn_close(vp, FREAD, kauth_cred_get(), curlwp);
  		firmware_handle_free(fh);
  		return (EINVAL);
  	}
 @@ -294,7 +294,7 @@ firmware_close(firmware_handle_t fh)
  {
  	int error;
  
 -	error = vn_close(fh->fh_vp, FREAD, FSCRED, curlwp);
 +	error = vn_close(fh->fh_vp, FREAD, kauth_cred_get(), curlwp);
  	firmware_handle_free(fh);
  	return (error);
  }
 @@ -322,7 +322,7 @@ firmware_read(firmware_handle_t fh, off_
  {
  
  	return (vn_rdwr(UIO_READ, fh->fh_vp, buf, len, offset,
 -			UIO_SYSSPACE, 0, FSCRED, NULL, curlwp));
 +			UIO_SYSSPACE, 0, kauth_cred_get(), NULL, curlwp));
  }
  
  /*
 
 --Boundary_(ID_f7yPnOkye6SCbWj9Ar2dYQ)--