kern/113387: [PATCH] possibly improper MFC in sys/nfsclient/nfs_socket.c

Andre Albsmeier andre at
Tue Jun 5 19:40:03 UTC 2007

>Number:         113387
>Category:       kern
>Synopsis:       [PATCH] possibly improper MFC in sys/nfsclient/nfs_socket.c
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 05 19:40:02 GMT 2007
>Originator:     Andre Albsmeier
>Release:        FreeBSD 6.2-STABLE i386

System: FreeBSD 6.2-STABLE #0: Thu May 17 14:17:47 CEST 2007


Rev 1.138 of nfs_socket.c fixed some bugs in -current:;r2=1.138

Rev 1.139 apparently was a fix to the previous commit:;r2=1.139

If I understand the code correctly, Rev 1.138 introduced a
new, corrected way of calculating "len" but the result was
ineffective because the subsequent 'bcopy(mtod(mp,...' line
was not removed. This was fixed by Rev 1.139.

Later, the first patch was MFC'ed to -STABLE:;r2=

However, the 'bcopy(mtod(mp,...' line is still in STABLE's
version of nfs_socket.c, which seems to be wrong.


Examine the links above and/or sys/nfsclient/nfs_socket.c



--- sys/nfsclient/nfs_socket.c.ORI	Wed Feb 28 16:42:10 2007
+++ sys/nfsclient/nfs_socket.c	Tue Jun  5 20:56:02 2007
@@ -922,7 +922,6 @@
 				goto mark_reconnect;
-			bcopy(mtod(mp, u_int32_t *), &len, sizeof(len));
 			len = ntohl(len) & ~0x80000000;
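
Review bot: Once the bcopy() line is removed, the remaining `len = ntohl(len) & ~0x80000000;` depends entirely on len having been filled in, in network byte order, by code above this hunk, and none of that code is visible here. Please extend the context, or quote the preceding lines from STABLE's nfs_socket.c, so it can be confirmed that the corrected calculation from Rev 1.138 is present in the MFC'ed version and that len is no longer read uninitialized on any path reaching this line. Also, the hunk header says `-922,7 +922,6` but only three lines follow it, so the patch as posted may not apply cleanly; regenerating it with full unified context would help.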

