Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 4 Jun 2009 08:34:30 +0100
From:      Doug Rabson <dfr@rabson.org>
To:        "Bjoern A. Zeeb" <bz@FreeBSD.org>
Cc:        dfr@freebsd.org, freebsd-current@freebsd.org, Michael Moll <kvedulv@kvedulv.de>, Wesley Shields <wxs@FreeBSD.org>, Dmitry Marakasov <amdmi3@amdmi3.ru>, Jamie Gritton <jamie@FreeBSD.org>
Subject:   Re: Kernel panic when accessing ZFS-Filesystem via NFS
Message-ID:  <942C18EE-0453-4568-B835-8379966F0B8A@rabson.org>
In-Reply-To: <20090603184215.L12292@maildrop.int.zabbadoz.net>
References:  <20090601182012.GA21543@darkthrone.kvedulv.de> <20090603121307.GA15659@hades.panopticon> <20090603152810.GA21014@atarininja.org> <20090603160945.GC21014@atarininja.org> <20090603184215.L12292@maildrop.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

On 3 Jun 2009, at 20:42, Bjoern A. Zeeb wrote:

> On Wed, 3 Jun 2009, Wesley Shields wrote:
>
> Hi,
>
>>>>> ...
>
>> [ The panic message and backtrace from ddb is at
>> http://people.freebsd.org/~wxs/crash.txt ]
>>
> ...
>> cred->cr_prison is null? It is my understanding that when not jailed
>> cred->cr_prison should be &prison0 with the new hierarchical jails.  
>> The
>> fact that it is null is causing prison_priv_check to enter the switch
>> statement, leading to the crash.
>>
>> I'm not sure why cred->cr_prison is null in this case.
>
> The question here is not if  cred->cr_prison can be null but where is
> the cred coming from?
>
> If you look at init_main.c around lines 440 - 457 you'll find prison0
> being further initialized (cpuset) and p_ucred->cr_prison being set to
> &prsion0. And a bit further down in l470 td_ucred is initialized from
> that. cr_prison should thus always be setup.
>
> What you are looking at above looks like a crget() with only
> cr_ngroups updated.
>
> [removing a lot more text as I was going on debugging in a very small
> window]
>
> I would start looking at svc_getcred() and blame at least the
> AUTH_UNIX case;  end of rpc/svc_auth.c.  This looks like a big NO-NO.
> I am pretty sure I'd also want to audit svc_rpc_gss(), just in case.

The NFS server is creating a ucred which describes the privileges to  
be given to the remote user. What is the correct way to do this and  
where can I read the documentation?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?942C18EE-0453-4568-B835-8379966F0B8A>