Date:      Sun, 27 Sep 2009 00:47:19 +0100 (BST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Jamie Gritton <jamie@FreeBSD.org>
Cc:        stable@FreeBSD.org, Marcel Moolenaar <xcllnt@mac.com>, "current@freebsd.org mailing list" <current@FreeBSD.org>
Subject:   Re: 8.0-RC1: kernel page fault in NLM master thread (VIMAGE or ZFS related?)
Message-ID:  <alpine.BSF.2.00.0909270045590.31373@fledge.watson.org>
In-Reply-To: <4ABD4BB9.1030804@FreeBSD.org>
References:  <FD184B4B-517F-470E-BAC8-DD0795983C2B@mac.com> <4ABD4BB9.1030804@FreeBSD.org>


On Fri, 25 Sep 2009, Jamie Gritton wrote:

> It seems to be NFS related.  I think the null pointer in question is from 
> the export's anonymous credential.  Try the patch below and see if it helps 
> (which I guess means run it overnight and see if it crashes again).  I've 
> also patched a similar missing cred prison in GSS_SVC, since I'm not versed 
> enough in NFS/RPC stuff to know if it might be the problem.

This is one of the reasons I really dislike "magic" credentials and special 
handling of NULL credentials -- they always get into code the author doesn't 
expect, and either there are bad pointer dereferences, or incorrect security 
decisions.  It's almost always the case that a correct credential should have 
been cached or generated at some earlier point to represent the security 
context...

Robert

>
> - Jamie
>
>
> Index: kern/vfs_export.c
> ===================================================================
> --- kern/vfs_export.c	(revision 197506)
> +++ kern/vfs_export.c	(working copy)
> @@ -122,6 +122,8 @@
> 		np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
> 		crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
> 		    argp->ex_anon.cr_groups);
> +		np->netc_anon->cr_prison = &prison0;
> +		prison_hold(np->netc_anon->cr_prison);
> 		np->netc_numsecflavors = argp->ex_numsecflavors;
> 		bcopy(argp->ex_secflavors, np->netc_secflavors,
> 		    sizeof(np->netc_secflavors));
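
Review bot: The reference taken by prison_hold(np->netc_anon->cr_prison) right after crsetgroups() has no matching release visible in this hunk; please confirm that the path which frees np->netc_anon drops the prison reference, otherwise the hold on prison0 is never given back. A one-line comment saying why the anonymous export credential is placed in prison0 would also help, since this assignment is the only place that choice is recorded.
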
> @@ -206,6 +208,8 @@
> 	np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
> 	crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
> 	    np->netc_anon->cr_groups);
> +	np->netc_anon->cr_prison = &prison0;
> +	prison_hold(np->netc_anon->cr_prison);
> 	np->netc_numsecflavors = argp->ex_numsecflavors;
> 	bcopy(argp->ex_secflavors, np->netc_secflavors,
> 	    sizeof(np->netc_secflavors));
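
Review bot: In the unchanged context just above the added lines, crsetgroups() is passed np->netc_anon->cr_groups as its source list, whereas the same call in the first hunk passes argp->ex_anon.cr_groups. Since the patch touches this credential setup anyway, check whether this call should also read from argp->ex_anon.cr_groups; as written it copies the credential's group list from itself rather than from the export arguments.
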
> Index: rpc/rpcsec_gss/svc_rpcsec_gss.c
> ===================================================================
> --- rpc/rpcsec_gss/svc_rpcsec_gss.c	(revision 197506)
> +++ rpc/rpcsec_gss/svc_rpcsec_gss.c	(working copy)
> @@ -449,6 +449,8 @@
> 	cr->cr_uid = cr->cr_ruid = cr->cr_svuid = uc->uid;
> 	cr->cr_rgid = cr->cr_svgid = uc->gid;
> 	crsetgroups(cr, uc->gidlen, uc->gidlist);
> +	cr->cr_prison = &prison0;
> +	prison_hold(cr->cr_prison);
> 	*crp = crhold(cr);
>
> 	return (TRUE);
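
Review bot: The pair cr->cr_prison = &prison0; prison_hold(cr->cr_prison); is now open-coded here and twice in kern/vfs_export.c; a small helper that attaches a held prison0 to a freshly built credential would keep the three sites from drifting apart. The hunk also does not show what cr->cr_prison contained before the assignment, so please confirm that it is not overwriting a prison pointer that already carries a reference.
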


