NetBSD-Bugs archive


kern/37867: MFS broken in -current



>Number:         37867
>Category:       kern
>Synopsis:       NULL deref in ffs_mountfs() when mounting an MFS filesystem
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jan 25 09:55:00 +0000 2008
>Originator:     Steve Woodford
>Release:        NetBSD 4.99.49
>Organization:
>Environment:
System:
NetBSD oor-wullie.mctavish.co.uk 4.99.49 NetBSD 4.99.49 (GENERIC) #3: Fri Jan 25 09:22:39 GMT 2008 nobody@nowhere:/export/netbsd/pristine/sys/arch/amd64/compile/GENERIC amd64
Architecture: amd64
Machine: amd64
>Description:
Mounting an MFS filesystem on -current results in the following:

uvm_fault(0xffff800048142560, 0x0, 1) -> e
kernel: page fault trap, code=0
Stopped in pid 152.1 (mount_mfs) at netbsd:ffs_mountfs+0x26: movl 0x14(%rax),%eax
db{1}> t
ffs_mountfs() at netbsd:ffs_mountfs+0x26
mfs_mount() at netbsd:mfs_mount+0x1ea
VFS_MOUNT() at netbsd:VFS_MOUNT+0x46
do_sys_mount() at netbsd:do_sys_mount+0x501
sys___mount50() at netbsd:sys___mount50+0x33
syscall() at netbsd:syscall+0x14a
db{1}>

The fault is caused by a NULL deref in ffs_mountfs():

    dev = devvp->v_rdev;

This expands to:

    dev = devvp->v_un.vu_specnode->v_rdev;

However, vu_specnode is NULL, presumably because MFS is not backed by
a real device.
>How-To-Repeat:
Run mount_mfs(8) on -current.
>Fix:




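Added example, not part of the original report and not NetBSD code: a user-space C model of the expansion quoted in the description, showing that a NULL vu_specnode turns the v_rdev read into a load from address 0x14 (inside page zero, consistent with the 0x0 in the uvm_fault line), next to a checked accessor that returns an error instead. The model_* types, the 0x14 padding, both function names and the ENXIO return value are assumptions of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t model_dev_t;            /* stand-in for the kernel's dev_t */

/* Constructed layout, NOT the real NetBSD struct: padded so v_rdev sits at
 * offset 0x14, the displacement in the faulting "movl 0x14(%rax),%eax". */
struct model_specnode {
    uint8_t     pad[0x14];
    model_dev_t v_rdev;
};

struct model_vnode {
    union { struct model_specnode *vu_specnode; } v_un;
};

/* Address the unchecked expansion devvp->v_un.vu_specnode->v_rdev would
 * load from. Pure arithmetic; nothing is dereferenced through specnode. */
static uintptr_t rdev_load_address(const struct model_vnode *devvp)
{
    return (uintptr_t)devvp->v_un.vu_specnode
        + offsetof(struct model_specnode, v_rdev);
}

/* Checked accessor: report an error instead of faulting when the vnode has
 * no specnode. ENXIO is this example's choice, not taken from NetBSD. */
static int vnode_get_rdev(const struct model_vnode *devvp, model_dev_t *out)
{
    if (devvp == NULL || devvp->v_un.vu_specnode == NULL)
        return ENXIO;
    *out = devvp->v_un.vu_specnode->v_rdev;
    return 0;
}

int main(void)
{
    struct model_vnode mfs = { .v_un = { .vu_specnode = NULL } };
    model_dev_t dev = 0;

    printf("unchecked load address: 0x%lx\n",
           (unsigned long)rdev_load_address(&mfs));
    printf("checked accessor returns: %d\n", vnode_get_rdev(&mfs, &dev));
    return 0;
}
```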