From owner-freebsd-current@FreeBSD.ORG  Wed Oct  7 20:08:47 2009
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: current@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 646D6106568B;
	Wed,  7 Oct 2009 20:08:47 +0000 (UTC)
	(envelope-from jamie@FreeBSD.org)
Received: from gritton.org (gritton.org [161.58.222.4])
	by mx1.freebsd.org (Postfix) with ESMTP id 283808FC1F;
	Wed,  7 Oct 2009 20:08:47 +0000 (UTC)
Received: from guppy.corp.verio.net (fw.oremut02.us.wh.verio.net
	[198.65.168.24]) (authenticated bits=0)
	by gritton.org (8.13.6.20060614/8.13.6) with ESMTP id n97K8juR097151;
	Wed, 7 Oct 2009 14:08:46 -0600 (MDT)
Message-ID: <4ACCF548.2070200@FreeBSD.org>
Date: Wed, 07 Oct 2009 14:08:40 -0600
From: Jamie Gritton <jamie@FreeBSD.org>
User-Agent: Thunderbird 2.0.0.19 (X11/20090109)
MIME-Version: 1.0
To: Rick Macklem <rmacklem@uoguelph.ca>
References: <FD184B4B-517F-470E-BAC8-DD0795983C2B@mac.com>
	<4ABD4BB9.1030804@FreeBSD.org>
	<alpine.BSF.2.00.0909270045590.31373@fledge.watson.org>
	<Pine.GSO.4.63.0910061918380.503@muncher.cs.uoguelph.ca>
In-Reply-To: <Pine.GSO.4.63.0910061918380.503@muncher.cs.uoguelph.ca>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: stable@FreeBSD.org, Marcel Moolenaar <xcllnt@mac.com>,
	Robert Watson <rwatson@FreeBSD.org>,
	"current@freebsd.org mailing list" <current@FreeBSD.org>
Subject: Re: 8.0-RC1: kernel page fault in NLM master thread (VIMAGE or ZFS
 related?)
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2009 20:08:47 -0000

Rick Macklem wrote:
> On Sun, 27 Sep 2009, Robert Watson wrote:
>> On Fri, 25 Sep 2009, Jamie Gritton wrote:
>>
>>> It seems to be NFS related.  I think the null pointer in question is 
>>> from the export's anonymous credential.  Try the patch below and see 
>>> if it helps (which I guess means run it overnight and see if it 
>>> crashes again).  I've also patched a similar missing cred prison in 
>>> GSS_SVC, since I'm not versed enough in NFS/RPC stuff to know if it 
>>> might be the problem.
>>
>> This is one of the reasons I really dislike "magic" credentials and 
>> special handling of NULL credentials -- they always get into code the 
>> author doesn't expect, and either there are bad pointer dereferences, 
>> or incorrect security decisions.  It's almost always the case that a 
>> correct credential should have been cached or generated at some 
>> earlier point to represent the security context...
>>
> I don't really understand prisons/jails, but would creating these
> credentials via:
>     crdup(td->td_ucred); // duplicating the daemon thread's cred
>     - and then replacing the <uid,gids>
> make sense as an alternative to starting with crget()?
> (ie. All the other stuff except <uid,gids> would be "inherited" from the
> credential for the daemon thread.)

That sounds right to me for cases when the cred is based on passed
UID/GIDs. Perhaps you'd want to use the UID-changing helper functions on
kern_prot.c, or perhaps a new helper or helpers just for the circumstance.

- Jamie