Date: Tue, 9 Jun 2009 23:16:21 +0200
From: Jilles Tjoelker
To: Jille Timmermans
Cc: FreeBSD Current
Subject: Re: panic: oof, we didn't get our fd while playing with devfs(8) and jails
Message-ID: <20090609211621.GA24874@stack.nl>

On Mon, Jun 08, 2009 at 09:12:54PM +0200, Jille Timmermans wrote:
> I was playing with the new hierarchical jails (yay!) and devfs(8) to
> tune the devfs mountpoints. At some point I tried to apply another
> ruleset and the machine panic'd a few seconds later.
> I haven't been able to reproduce this.
> [panic: oof, we didn't get our fd from fdcheckstd() in kern_exec.c]

This KASSERT may happen if you execute a setuid/setgid program with one
or more of fd 0, 1, 2 closed, and you cannot open /dev/null (e.g. not
present, bad permissions).

The assertion checks td->td_retval[0] even if kern_open() failed. After
that, if td->td_retval[0] happened to be equal to the expected value or
INVARIANTS was disabled, the function checks if kern_open() failed. If
so, it returns an error which eventually causes "whoops, no process
anymore" process termination in do_execve() (appears as SIGABRT).

Moving the assertion below the error check seems to fix the problem (see
attached patch).

It may also be helpful to KASSERT or comment that
thread_single(SINGLE_BOUNDARY) or similar must be in effect, otherwise
our work could be undone by other threads (similar to the
KASSERT(fdp->fd_refcnt == 1) already present).
kern_exec.c takes care of both of these. -- Jilles Tjoelker --wRRV7LY7NUeQGEoC Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="fdcheckstd-fix.patch" Index: sys/kern/kern_descrip.c =================================================================== --- sys/kern/kern_descrip.c (revision 193636) +++ sys/kern/kern_descrip.c (working copy) @@ -1943,10 +1943,10 @@ error = kern_open(td, "/dev/null", UIO_SYSSPACE, O_RDWR, 0); devnull = td->td_retval[0]; - KASSERT(devnull == i, ("oof, we didn't get our fd")); td->td_retval[0] = save; if (error) break; + KASSERT(devnull == i, ("oof, we didn't get our fd")); } else { error = do_dup(td, DUP_FIXED, devnull, i, &retval); if (error != 0) --wRRV7LY7NUeQGEoC--
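
Review bot: In the kern_open() branch, `devnull = td->td_retval[0];` still runs before `if (error)`, so when the open fails devnull is left holding whatever td->td_retval[0] contained rather than a descriptor. The `break` keeps the do_dup() branch from consuming it, but if anything after the loop reads devnull it should be assigned only when error is 0, or a comment should rule that out. A one-line comment above the relocated KASSERT stating that the value is meaningful only once kern_open() has succeeded would keep the assertion from being hoisted back above the check. Minor style point: this branch tests `if (error)` while the do_dup() branch tests `if (error != 0)`.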
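
The check described in the message, as an added user-space example (not part of the original mail and not FreeBSD kernel code): a privileged program making sure descriptors 0, 1 and 2 are open, with the "we got descriptor i" invariant tested only after the open is known to have succeeded, the ordering the patch establishes. The name `ensure_std_fds` and its return convention are hypothetical, and a single-threaded caller is assumed.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/*
 * Hypothetical user-space analogue of fdcheckstd(): point any closed
 * descriptor among 0, 1, 2 at `path` (normally "/dev/null").
 * Returns 0 on success, -1 with errno set on failure.
 * Assumes no other thread opens or closes descriptors meanwhile.
 */
int
ensure_std_fds(const char *path)
{
	int devnull = -1;

	for (int i = 0; i <= 2; i++) {
		if (fcntl(i, F_GETFD) != -1)
			continue;		/* descriptor i is already open */
		if (errno != EBADF)
			return (-1);
		if (devnull == -1) {
			int fd = open(path, O_RDWR);

			/* Error check first: fd means nothing if open failed. */
			if (fd == -1)
				return (-1);
			/* Only now does "lowest free descriptor == i" apply. */
			if (fd != i) {
				close(fd);
				errno = EINVAL;
				return (-1);
			}
			devnull = fd;
		} else if (dup2(devnull, i) == -1) {
			return (-1);
		}
	}
	return (0);
}

int
main(void)
{
	/* A setuid/setgid program would call this before doing any I/O. */
	return (ensure_std_fds("/dev/null") == 0 ? 0 : 1);
}
```
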