Date:      Tue, 9 Jun 2009 23:16:21 +0200
From:      Jilles Tjoelker <jilles@stack.nl>
To:        Jille Timmermans <jille@quis.cx>
Cc:        FreeBSD Current <current@freebsd.org>
Subject:   Re: panic: oof, we didn't get our fd while playing with devfs(8) and jails
Message-ID:  <20090609211621.GA24874@stack.nl>
In-Reply-To: <4A2D62B6.9080207@quis.cx>
References:  <4A2D62B6.9080207@quis.cx>



On Mon, Jun 08, 2009 at 09:12:54PM +0200, Jille Timmermans wrote:
> I was playing with the new hierarchical jails (yay!) and devfs(8) to
> tune the devfs mountpoints. At some point I tried to apply another
> ruleset and the machine panic'd a few seconds later.
> I haven't been able to reproduce this.

> [panic: oof, we didn't get our fd from fdcheckstd() in kern_exec.c]

This KASSERT may happen if you execute a setuid/setgid program with one
or more of fd 0, 1, 2 closed, and you cannot open /dev/null (e.g. not
present, bad permissions). The assertion checks td->td_retval[0] even if
kern_open() failed. After that, if td->td_retval[0] happened to be equal
to the expected value or INVARIANTS was disabled, the function checks if
kern_open() failed. If so, it returns an error which eventually causes
"whoops, no process anymore" process termination in do_execve() (appears
as SIGABRT).

Moving the assertion below the error check seems to fix the problem (see
attached patch).

It may also be helpful to KASSERT or comment that
thread_single(SINGLE_BOUNDARY) or similar must be in effect, otherwise
our work could be undone by other threads (similar to the
KASSERT(fdp->fd_refcnt == 1) already present). kern_exec.c takes care of
both of these.

-- 
Jilles Tjoelker

Attachment: fdcheckstd-fix.patch

Index: sys/kern/kern_descrip.c
===================================================================
--- sys/kern/kern_descrip.c	(revision 193636)
+++ sys/kern/kern_descrip.c	(working copy)
@@ -1943,10 +1943,10 @@
 			error = kern_open(td, "/dev/null", UIO_SYSSPACE,
 			    O_RDWR, 0);
 			devnull = td->td_retval[0];
-			KASSERT(devnull == i, ("oof, we didn't get our fd"));
 			td->td_retval[0] = save;
 			if (error)
 				break;
+			KASSERT(devnull == i, ("oof, we didn't get our fd"));
 		} else {
 			error = do_dup(td, DUP_FIXED, devnull, i, &retval);
 			if (error != 0)
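Review bot: the relocated KASSERT still reports nothing about what went wrong; since `devnull` is captured before `td->td_retval[0] = save`, the message can safely print both values, e.g. `KASSERT(devnull == i, ("oof, we didn't get our fd: got %d, expected %d", devnull, i));`, which would have made the original report much easier to diagnose. Note also that on a kernel built without INVARIANTS a mismatched `devnull` is silently carried into the `do_dup(td, DUP_FIXED, devnull, i, &retval)` branch for the remaining slots while slot `i` itself is left as it was, so a one-line comment stating that the exec path is single-threaded here (and hence `devnull == i` is guaranteed rather than merely hoped for) would document the invariant the assertion relies on.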

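The discussion above concerns the kernel's fdcheckstd() loop: when a set-id program is exec'd with any of descriptors 0, 1 or 2 closed, the kernel fills the gaps from /dev/null so the program cannot be tricked into writing to whatever it opens next, and the bug was that the descriptor number was asserted before the open error was checked. The following is an added example (written for this page, not FreeBSD's code) of the same logic done in userland, the way a set-id program can sanitise its own descriptor table before doing anything else. The function names `fd_is_open`, `sanitize_stdfds_from` and `demo_repair_after_closing_stdin` and the `devnull_path` parameter are this example's own; the parameter exists so the failure mode from the mail (a /dev/null that cannot be opened, as in a jail with a restrictive devfs ruleset) can be exercised by passing a path that does not exist.

```c
/* Added example: userland analogue of FreeBSD's fdcheckstd() for
 * set-id programs. Not FreeBSD code; all names here are this
 * example's own. Builds on Linux and the BSDs with a C99 compiler. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* 1 if fd is open, 0 if it is closed (EBADF), -1 on any other error. */
static int fd_is_open(int fd)
{
    if (fcntl(fd, F_GETFD) != -1)
        return 1;
    return errno == EBADF ? 0 : -1;
}

/*
 * Ensure descriptors 0, 1 and 2 are all open, filling each closed
 * slot with devnull_path opened O_RDWR. Mirrors the kernel loop in
 * kern_descrip.c: the first closed slot is filled by open(2), later
 * closed slots by dup2(2) of that descriptor.
 *
 * Returns the number of slots filled, or -1 if devnull_path could
 * not be opened. The open error is checked *before* the returned
 * descriptor number is examined, the ordering the patch establishes.
 */
int sanitize_stdfds_from(const char *devnull_path)
{
    int devnull = -1;
    int filled = 0;

    for (int i = 0; i <= 2; i++) {
        int st = fd_is_open(i);
        if (st < 0)
            return -1;
        if (st == 1)
            continue;                 /* already open, leave it alone */

        if (devnull < 0) {
            /* First closed slot. open(2) returns the lowest free
             * descriptor, which in a single-threaded process is i. */
            devnull = open(devnull_path, O_RDWR);
            if (devnull < 0)
                return -1;            /* e.g. no /dev/null in this devfs */
            if (devnull != i) {
                /* Only possible if another thread raced us. The kernel
                 * KASSERTs here (exec is single-threaded); userland can
                 * simply move the descriptor into place. */
                if (dup2(devnull, i) < 0)
                    return -1;
                close(devnull);
                devnull = i;
            }
        } else if (dup2(devnull, i) < 0) {
            return -1;
        }
        filled++;
    }
    return filled;
}

/* Constructed scenario for the example: close stdin, then repair the
 * table from devnull_path. Returns sanitize_stdfds_from()'s result. */
int demo_repair_after_closing_stdin(const char *devnull_path)
{
    close(0);
    return sanitize_stdfds_from(devnull_path);
}

int main(void)
{
    int n = demo_repair_after_closing_stdin("/dev/null");
    fprintf(stderr, "filled %d descriptor(s); fd 0 open: %s\n",
            n, fd_is_open(0) == 1 ? "yes" : "no");
    return n < 0;
}
```

Called with an unopenable path the function returns -1 and leaves the table untouched, which is exactly the case the moved KASSERT used to trip over; called with a working /dev/null it reports how many slots it had to fill, and a second call reports zero. As in the kernel, the slot check assumes no other thread is opening descriptors concurrently, so a set-id program should do this before creating any threads.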



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090609211621.GA24874>