kern/139059: zfs(64bit) nfs server fails open(..., O_WRONLY|O_CREAT|O_EXCL, ...)

[Daniel Braniss]

>Number:         139059
>Category:       kern
>Synopsis:       zfs(64bit) nfs server fails open(..., O_WRONLY|O_CREAT|O_EXCL, ...)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 22 12:30:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Daniel Braniss
>Release:        FreeBSD 7.2-STABLE amd64
>Organization:
>Environment:
System: FreeBSD sunfire 7.2-STABLE FreeBSD 7.2-STABLE #29: Tue Jun 30 13:04:10 IDT 2009 danny at sunfire:/r+d/obj/sunfire/r+d/7/sys/HUJI amd64


	
>Description:
        if client's ip address last octet is > 127(0x7f), an open(2) with
        flag O_EXCL fails. This is true for zfs server running 64 bit
        8-RC, 7-STABLE.

        the problem (as far as we can tell) is the "create verifier" field in the
        NFS packet. FreeBSD client uses for this field the IP address followed by 
        a serial (that is incremented by every call), but the server treats it as 
        a timespec value using the first four bytes (in network order) as seconds 
        and the next four as nanoseconds.

        when the last octet of the IP address is larger than 127 the resulting
        timespec seconds value is negative (larger than 0x7fffffff) and that probably
        (haven't looked into the ZFS code) causes problem with the ZFS layer (this 
        value is passed to the ZFS as the atime for the newly created file)

>How-To-Repeat:
        use the code from http://www.freebsd.org/cgi/query-pr.cgi?pr=138803,
        on an zfs/nfs server running amd64, from a client whose IP address
        is n.n.n.m where m is > 127

>Fix:

	


>Release-Note:
>Audit-Trail:
>Unformatted: