Date: Sat, 02 Nov 2024 23:57:04 -0700 From: Cy Schubert <Cy.Schubert@cschubert.com> To: Ravi Pokala <rpokala@freebsd.org> Cc: Olivier Certner <olce@FreeBSD.org>, src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: Re: cfbe7a62dc62 - main - nfs, rpc: Ensure kernel credentials have at least one group Message-ID: <20241103065704.4377C114@slippy.cwsent.com> In-Reply-To: <9307D0CC-6D10-4F86-AE3B-43E7D6DA19A9@panasas.com> References: <202411022039.4A2KdbAE046580@gitrepo.freebsd.org> <9307D0CC-6D10-4F86-AE3B-43E7D6DA19A9@panasas.com>
next in thread | previous in thread | raw e-mail | index | archive | help
One of these commits causes a panic when yppasswd is started. The relevant details are below. However on my laptop the panic is in mountd. No core dump was captured on that machine. cwsys dumped core - see /var/crash/vmcore.22 Sat Nov 2 23:29:29 PDT 2024 FreeBSD cwsys 15.0-CURRENT FreeBSD 15.0-CURRENT #59 komquats-n273418-0f5116d7efe3: Sat Nov 2 19:32:30 PDT 2024 root@slippy:/export/obj/opt/src/git-src/amd64.amd64/sys/BREAK amd64 panic: page fault Reading symbols from /boot/kernel/kernel... Reading symbols from /usr/lib/debug//boot/kernel/kernel.debug... Reading symbols from /boot/kernel/geom_mirror.ko... Reading symbols from /usr/lib/debug//boot/kernel/geom_mirror.ko.debug... Reading symbols from /boot/kernel/sem.ko... Reading symbols from /usr/lib/debug//boot/kernel/sem.ko.debug... Reading symbols from /boot/kernel/zfs.ko... Reading symbols from /usr/lib/debug//boot/kernel/zfs.ko.debug... Reading symbols from /boot/kernel/amdtemp.ko... Reading symbols from /usr/lib/debug//boot/kernel/amdtemp.ko.debug... Reading symbols from /boot/kernel/amdsmn.ko... Reading symbols from /usr/lib/debug//boot/kernel/amdsmn.ko.debug... Reading symbols from /boot/kernel/if_nfe.ko... Reading symbols from /usr/lib/debug//boot/kernel/if_nfe.ko.debug... Reading symbols from /boot/kernel/aibs.ko... Reading symbols from /usr/lib/debug//boot/kernel/aibs.ko.debug... Reading symbols from /boot/kernel/filemon.ko... Reading symbols from /usr/lib/debug//boot/kernel/filemon.ko.debug... Reading symbols from /boot/kernel/dtraceall.ko... Reading symbols from /usr/lib/debug//boot/kernel/dtraceall.ko.debug... Reading symbols from /boot/kernel/profile.ko... Reading symbols from /usr/lib/debug//boot/kernel/profile.ko.debug... Reading symbols from /boot/kernel/opensolaris.ko... Reading symbols from /usr/lib/debug//boot/kernel/opensolaris.ko.debug... Reading symbols from /boot/kernel/dtrace.ko... Reading symbols from /usr/lib/debug//boot/kernel/dtrace.ko.debug... Reading symbols from /boot/kernel/systrace_freebsd32.ko... Reading symbols from /usr/lib/debug//boot/kernel/systrace_freebsd32.ko.debug ... Reading symbols from /boot/kernel/systrace.ko... Reading symbols from /usr/lib/debug//boot/kernel/systrace.ko.debug... Reading symbols from /boot/kernel/sdt.ko... Reading symbols from /usr/lib/debug//boot/kernel/sdt.ko.debug... Reading symbols from /boot/kernel/kinst.ko... Reading symbols from /usr/lib/debug//boot/kernel/kinst.ko.debug... Reading symbols from /boot/kernel/fasttrap.ko... Reading symbols from /usr/lib/debug//boot/kernel/fasttrap.ko.debug... Reading symbols from /boot/kernel/fbt.ko... Reading symbols from /usr/lib/debug//boot/kernel/fbt.ko.debug... Reading symbols from /boot/kernel/dtnfscl.ko... Reading symbols from /usr/lib/debug//boot/kernel/dtnfscl.ko.debug... Reading symbols from /boot/kernel/dtmalloc.ko... Reading symbols from /usr/lib/debug//boot/kernel/dtmalloc.ko.debug... Reading symbols from /boot/kernel/dtaudit.ko... Reading symbols from /usr/lib/debug//boot/kernel/dtaudit.ko.debug... Reading symbols from /boot/kernel/if_sk.ko... Reading symbols from /usr/lib/debug//boot/kernel/if_sk.ko.debug... Reading symbols from /boot/kernel/cpufreq.ko... Reading symbols from /usr/lib/debug//boot/kernel/cpufreq.ko.debug... Reading symbols from /boot/kernel/if_lagg.ko... Reading symbols from /usr/lib/debug//boot/kernel/if_lagg.ko.debug... Reading symbols from /boot/kernel/if_infiniband.ko... Reading symbols from /usr/lib/debug//boot/kernel/if_infiniband.ko.debug... Reading symbols from /boot/kernel/fdescfs.ko... Reading symbols from /usr/lib/debug//boot/kernel/fdescfs.ko.debug... Reading symbols from /boot/kernel/nullfs.ko... Reading symbols from /usr/lib/debug//boot/kernel/nullfs.ko.debug... Reading symbols from /boot/kernel/if_bridge.ko... Reading symbols from /usr/lib/debug//boot/kernel/if_bridge.ko.debug... Reading symbols from /boot/kernel/bridgestp.ko... Reading symbols from /usr/lib/debug//boot/kernel/bridgestp.ko.debug... Reading symbols from /boot/kernel/fusefs.ko... Reading symbols from /usr/lib/debug//boot/kernel/fusefs.ko.debug... Reading symbols from /boot/kernel/geom_uzip.ko... Reading symbols from /usr/lib/debug//boot/kernel/geom_uzip.ko.debug... Reading symbols from /boot/kernel/autofs.ko... Reading symbols from /usr/lib/debug//boot/kernel/autofs.ko.debug... __curthread () at /opt/src/git-src/sys/amd64/include/pcpu_aux.h:57 57 __asm("movq %%gs:%c1,%0" : "=r" (td) (kgdb) #0 __curthread () at /opt/src/git-src/sys/amd64/include/pcpu_aux.h:5 7 td = <optimized out> #1 doadump (textdump=textdump@entry=1) at /opt/src/git-src/sys/kern/kern_shutdown.c:404 error = 0 coredump = <optimized out> #2 0xffffffff806dafee in kern_reboot (howto=260) at /opt/src/git-src/sys/kern/kern_shutdown.c:524 once = 0 #3 0xffffffff806db517 in vpanic (fmt=0xffffffff80b03e2b "%s", ap=ap@entry=0xfffffe008ed86890) at /opt/src/git-src/sys/kern/kern_shutdown.c:979 buf = "page fault", '\000' <repeats 245 times> __pc = 0x0 __pc = 0x0 __pc = 0x0 other_cpus = {__bits = {13, 0 <repeats 15 times>}} td = 0xfffff80009381740 bootopt = <unavailable> newpanic = <optimized out> #4 0xffffffff806db343 in panic (fmt=<unavailable>) at /opt/src/git-src/sys/kern/kern_shutdown.c:892 ap = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0xfffffe008ed868c0, reg_save_area = 0xfffffe008ed86860}} #5 0xffffffff80a81aab in trap_fatal (frame=0xfffffe008ed86970, eva=40) at /opt/src/git-src/sys/amd64/amd64/trap.c:950 __pc = 0x0 __pc = 0x0 __pc = 0x0 softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27, ssd_dpl = 0, ssd_p = 1, ssd_long = 1, ssd_def32 = 0, ssd_gran = 1} code = 0 ss = 40 type = <optimized out> gdt = <optimized out> handled = <optimized out> #6 0xffffffff80a81af6 in trap_pfault (frame=<unavailable>, usermode=false, signo=<optimized out>, ucode=<optimized out>) at /opt/src/git-src/sys/amd64/amd64/trap.c:758 __pc = 0x0 __pc = 0x0 __pc = 0x0 td = 0xfffff80009381740 p = <optimized out> eva = <unavailable> map = <optimized out> ftype = <optimized out> rv = <optimized out> #7 <signal handler called> No locals. #8 0xffffffff807b6de0 in vfs_hang_addrlist (mp=0xfffffe008517c100, argp=0xfffffe008ed86b60, nep=<optimized out>) at /opt/src/git-src/sys/kern/vfs_export.c:141 smask = 0x0 np = <optimized out> i = <optimized out> saddr = <optimized out> error = <optimized out> rnh = <optimized out> off = <optimized out> rn = <optimized out> _tid = <optimized out> _v = <optimized out> _v = <optimized out> _size = <optimized out> _malloc_item = <optimized out> #9 vfs_export (mp=mp@entry=0xfffffe008517c100, argp=argp@entry=0xfffffe008ed86b60, do_exjail=true) at /opt/src/git-src/sys/kern/vfs_export.c:408 error = <optimized out> pr = 0xffffffff80e60260 <prison0> nep = 0xfffff8001d04dd00 cr = <optimized out> new_nep = <optimized out> #10 0xffffffff807c3ad9 in vfs_domount_update (td=td@entry=0xfffff80009381740 , vp=0xfffff8002ab30370, fsflags=<optimized out>, fsflags@entry=2167056, jail_export=<optimized out>, optlist=optlist@entry=0xfffffe008ed86d70) at /opt/src/git-src/sys/kern/vfs_mount.c:1515 o2export = {ex_flags = 964, ex_root = 4294967295, ex_anon = { cr_version = 0, cr_uid = 0, cr_ngroups = -16128, cr_groups = { 4294966784, 0, 0, 137604104, 4294965248, 2396547888, 4294966784, 2155596019, 4294967295, 101272584, 4294965248, 716374896, 4294965248, 2396548144, 4294966784, 2396548144}, { _cr_unused1 = 0xfffffe008ed86b30, cr_pid = -1898419408}}, ex_addr = 0xffffffff807bc7db <VOP_UNLOCK+43>, ex_addrlen = 88 'X', ex_mask = 0xfffff80006093370, ex_masklen = 176 '\260', ex_indexfile = 0xffffffff807bc0c1 <vfs_lookup+2753> "=", ex_numsecflavors = 4, ex_secflavors = {0, 1866625232, -2048, -2131875320, -1}} export = {ex_flags = 384, ex_root = 0, ex_uid = 0, ex_ngroups = 3, ex_groups = 0xfffff80005876d80, ex_addr = 0x0, ex_addrlen = 0 '\000', ex_mask = 0x0, ex_masklen = 0 '\000', ex_indexfile = 0x0, ex_numsecflavors = 1, ex_secflavors = {1, 0, 0, 0, 0}} mp = 0xfffffe008517c100 flag = 4297068560 vfs_suser_failed = <optimized out> error = <optimized out> rootvp = 0xfffff8002ab30370 fsid_up = <optimized out> mnt_union = 0 export_error = 0 len = <optimized out> bufp = <optimized out> i = <optimized out> grps = 0xfffff80005876d80 fsid_up_len = <optimized out> #11 0xffffffff807bee30 in vfs_domount (td=0xfffff80009381740, fstype=fstype@entry=0xfffff8006f4270b0 "ufs", fspath=fspath@entry=0xfffff8006f427090 "/usr", fsflags=fsflags@entry=2167056, jail_export=false, optlist=optlist@entry=0xfffffe008ed86d70) at /opt/src/git-src/sys/kern/vfs_mount.c:1692 nd = {ni_dirp = 0xfffff8006f427090 "/usr", ni_segflg = UIO_SYSSPACE, ni_rightsneeded = 0xffffffff80e00538 <cap_no_rights>, ni_startdir = 0x0, ni_rootdir = 0xfffff80006094c08, ni_topdir = 0x0, ni_dirfd = -100, ni_lcf = 0, ni_filecaps = {fc_rights = { cr_rights = {0, 0}}, fc_ioctls = 0x0, fc_nioctls = -1, fc_fcntls = 0}, ni_vp = 0xfffff8002ab30370, ni_dvp = 0xfffff80006093370, ni_resflags = 1, ni_debugflags = 63488, ni_loopcnt = 0, ni_pathlen = 1, ni_next = 0xfffff800085ae404 "", ni_cnd = {cn_flags = 335806548, cn_cred = 0xfffff80003215100, cn_nameiop = LOOKUP, cn_lkflags = 524288, cn_pnbuf = 0xfffff800085ae400 "/usr", cn_nameptr = 0xfffff800085ae401 "usr", cn_namelen = 3}, ni_cap_tracker = {tqh_first = 0x0, tqh_last = 0xfffffe008ed86ce0}, ni_dvp_seqc = 64, ni_vp_seqc = 0} error = 0 vfsp = 0x0 vp = 0x3 pathbuf = <optimized out> #12 0xffffffff807bdf36 in vfs_donmount (td=td@entry=0xfffff80009381740, fsflags=<optimized out>, fsflags@entry=2101264, fsoptions=0xfffff8002aa90900) at /opt/src/git-src/sys/kern/vfs_mount.c:9 97 optlist = 0xfffff8006f4270d0 fspath = 0xfffff8006f427090 "/usr" errmsg = <optimized out> fspathlen = <optimized out> errmsg_len = <optimized out> errmsg_pos = 5 autoro = false error = 0 fstypelen = <optimized out> fstype = 0xfffff8006f4270b0 "ufs" has_nonexport = <optimized out> jail_export = <optimized out> opt = <optimized out> tmp_opt = <optimized out> #13 0xffffffff807bd5a0 in sys_nmount (td=0xfffff80009381740, uap=<optimized out>) at /opt/src/git-src/sys/kern/vfs_mount.c:474 auio = 0xfffff8002aa90900 flags = 2101264 iovcnt = <optimized out> error = 0 #14 0xffffffff80a82365 in syscallenter (td=0xfffff80009381740) at /opt/src/git-src/sys/amd64/amd64/../../kern/subr_syscall.c:189 se = 0xffffffff80e59ba0 <sysent+12096> p = 0xfffffe0085179060 sa = <optimized out> error = <optimized out> sy_thr_static = true traced = <optimized out> _tid = <optimized out> _v = <optimized out> _v = <optimized out> _audit_entered = <optimized out> _tid = <optimized out> _v = <optimized out> _v = <optimized out> _tid = <optimized out> _v = <optimized out> _v = <optimized out> #15 amd64_syscall (td=0xfffff80009381740, traced=0) at /opt/src/git-src/sys/amd64/amd64/trap.c:1192 ksi = {ksi_link = {tqe_next = 0xffffffff80a81548 <trap+1880>, tqe_prev = 0xfffffe008ed86ed0}, ksi_info = { si_signo = -2140252247, si_errno = -1, si_code = 154670912, si_pid = -2048, si_uid = 3064555200, si_status = 284, si_addr = 0xfffffe008ed86e80, si_value = {sival_int = -2140785242, sival_ptr = 0xffffffff806635a6 <hardclock+278>, sigval_int = -2140785242, sigval_ptr = 0xffffffff806635a6 <hardclock+278>}, _reason = { _fault = {_trapno = -1898418560}, _timer = { _timerid = -1898418560, _overrun = -512}, _mesgq = { _mqd = -1898418560}, _poll = {_band = -2196626706816}, _capsicum = {_syscall = -1898418560}, __spare__ = { __spare1__ = -2196626706816, __spare2__ = {-2140783412, -1, 0, 0, 70, 0, 0}}}}, ksi_flags = 15, ksi_sigq = 0xfffffe008ed86ec0} #16 <signal handler called> No locals. #17 0x0000276f876440aa in ?? () No symbol table info available. Backtrace stopped: Cannot access memory at address 0x276f84b0a718 (kgdb) (kgdb) Tracing command "clock", '\000' <repeats 14 times> pid 2 tid 100038 (CPU 0) #0 cpustop_handler () at /opt/src/git-src/sys/x86/x86/mp_x86.c:1525 #1 0xffffffff80a4f958 in ipi_nmi_handler () at /opt/src/git-src/sys/x86/x86/mp_x86.c:1482 #2 0xffffffff80a80e2f in trap (frame=0xffffffff811b9440 <nmi0_stack+3888>) at /opt/src/git-src/sys/amd64/amd64/trap.c:235 #3 <signal handler called> #4 rdtsc () at /opt/src/git-src/sys/amd64/include/cpufunc.h:309 #5 delay_tsc (n=1) at /opt/src/git-src/sys/x86/x86/delay.c:64 #6 delay_tc (n=1) at /opt/src/git-src/sys/x86/x86/delay.c:84 #7 DELAY (n=1) at /opt/src/git-src/sys/x86/x86/delay.c:113 #8 0xffffffff81c2668a in sk_marv_miibus_readreg (sc_if=0xfffffe0091018000, phy=<optimized out>, reg=<optimized out>) at /opt/src/git-src/sys/dev/sk/if_sk.c:597 #9 sk_miibus_readreg (dev=<optimized out>, phy=<optimized out>, reg=<optimized out>) at /opt/src/git-src/sys/dev/sk/if_sk.c:447 #10 0xffffffff8049921a in MIIBUS_READREG (dev=0xfffff800057fb900, phy=0, reg=1) at ./miibus_if.h:27 #11 e1000phy_status (sc=0xfffff80005807000) at /opt/src/git-src/sys/dev/mii/e1000phy.c:417 #12 0xffffffff80499187 in e1000phy_service (sc=0xfffff80005807000, mii=<optimized out>, cmd=1) at /opt/src/git-src/sys/dev/mii/e1000phy.c:4 01 #13 0xffffffff8049cd77 in mii_tick (mii=0xfffff80005807080) at /opt/src/git-src/sys/dev/mii/mii.c:597 #14 0xffffffff81c252ea in sk_yukon_tick ( xsc_if=xsc_if@entry=0xfffffe0091018000) at /opt/src/git-src/sys/dev/sk/if_sk.c:2883 #15 0xffffffff806fa1dd in softclock_call_cc (c=0xfffffe0091018038, cc=cc@entry=0xffffffff81f290c0, direct=direct@entry=0) at /opt/src/git-src/sys/kern/kern_timeout.c:729 #16 0xffffffff806fb8b4 in softclock_thread (arg=arg@entry=0xffffffff81f290c0 ) at /opt/src/git-src/sys/kern/kern_timeout.c:861 #17 0xffffffff80692abb in fork_exit ( callout=0xffffffff806fb7c0 <softclock_thread>, arg=0xffffffff81f290c0, frame=0xfffffe008e8aef40) at /opt/src/git-src/sys/kern/kern_fork.c:1151 #18 <signal handler called> Tracing command "mountd", '\000' <repeats 13 times> pid 3196 tid 100515 (CPU 1) #0 __curthread () at /opt/src/git-src/sys/amd64/include/pcpu_aux.h:57 #1 doadump (textdump=textdump@entry=1) at /opt/src/git-src/sys/kern/kern_shutdown.c:404 #2 0xffffffff806dafee in kern_reboot (howto=260) at /opt/src/git-src/sys/kern/kern_shutdown.c:524 #3 0xffffffff806db517 in vpanic (fmt=0xffffffff80b03e2b "%s", ap=ap@entry=0xfffffe008ed86890) at /opt/src/git-src/sys/kern/kern_shutdown.c:979 #4 0xffffffff806db343 in panic (fmt=<unavailable>) at /opt/src/git-src/sys/kern/kern_shutdown.c:892 #5 0xffffffff80a81aab in trap_fatal (frame=0xfffffe008ed86970, eva=40) at /opt/src/git-src/sys/amd64/amd64/trap.c:950 #6 0xffffffff80a81af6 in trap_pfault (frame=<unavailable>, usermode=false, signo=<optimized out>, ucode=<optimized out>) at /opt/src/git-src/sys/amd64/amd64/trap.c:758 #7 <signal handler called> #8 0xffffffff807b6de0 in vfs_hang_addrlist (mp=0xfffffe008517c100, argp=0xfffffe008ed86b60, nep=<optimized out>) at /opt/src/git-src/sys/kern/vfs_export.c:141 #9 vfs_export (mp=mp@entry=0xfffffe008517c100, argp=argp@entry=0xfffffe008ed86b60, do_exjail=true) at /opt/src/git-src/sys/kern/vfs_export.c:408 #10 0xffffffff807c3ad9 in vfs_domount_update (td=td@entry=0xfffff80009381740 , vp=0xfffff8002ab30370, fsflags=<optimized out>, fsflags@entry=2167056, jail_export=<optimized out>, optlist=optlist@entry=0xfffffe008ed86d70) at /opt/src/git-src/sys/kern/vfs_mount.c:1515 #11 0xffffffff807bee30 in vfs_domount (td=0xfffff80009381740, fstype=fstype@entry=0xfffff8006f4270b0 "ufs", fspath=fspath@entry=0xfffff8006f427090 "/usr", fsflags=fsflags@entry=2167056, jail_export=false, optlist=optlist@entry=0xfffffe008ed86d70) at /opt/src/git-src/sys/kern/vfs_mount.c:1692 #12 0xffffffff807bdf36 in vfs_donmount (td=td@entry=0xfffff80009381740, fsflags=<optimized out>, fsflags@entry=2101264, fsoptions=0xfffff8002aa90900) at /opt/src/git-src/sys/kern/vfs_mount.c:9 97 #13 0xffffffff807bd5a0 in sys_nmount (td=0xfffff80009381740, uap=<optimized out>) at /opt/src/git-src/sys/kern/vfs_mount.c:474 #14 0xffffffff80a82365 in syscallenter (td=0xfffff80009381740) at /opt/src/git-src/sys/amd64/amd64/../../kern/subr_syscall.c:189 #15 amd64_syscall (td=0xfffff80009381740, traced=0) at /opt/src/git-src/sys/amd64/amd64/trap.c:1192 #16 <signal handler called> #17 0x0000276f876440aa in ?? () Backtrace stopped: Cannot access memory at address 0x276f84b0a718 Tracing command "kernel", '\000' <repeats 13 times> pid 0 tid 100248 (CPU 2) #0 cpustop_handler () at /opt/src/git-src/sys/x86/x86/mp_x86.c:1525 #1 0xffffffff80a4f958 in ipi_nmi_handler () at /opt/src/git-src/sys/x86/x86/mp_x86.c:1482 #2 0xffffffff80a80e2f in trap (frame=0xfffffe0011185f30) at /opt/src/git-src/sys/amd64/amd64/trap.c:235 #3 <signal handler called> #4 LZ4_compressCtx (ctx=0xfffffe00b3c40000, source=0xfffffe00bd371000 <error: Cannot access memory at address 0xfffffe00bd371000>, dest=0xfffffe00c895d004 <error: Cannot access memory at address 0xfffffe00c895d004>, isize=131072, osize=114684) at /opt/src/git-src/sys/contrib/openzfs/module/zfs/lz4_zfs.c:532 #5 real_LZ4_compress ( source=0xfffffe00bd371000 <error: Cannot access memory at address 0xfffffe00bd371000>, dest=0xfffffe00c895d004 <error: Cannot access memory at address 0xfffffe00c895d004>, isize=131072, osize=114684) at /opt/src/git-src/sys/contrib/openzfs/module/zfs/lz4_zfs.c:863 #6 zfs_lz4_compress_buf (s_start=0xfffffe00bd371000, d_start=0xfffffe00c895d000, s_len=131072, d_len=114688, n=<optimized out>) at /opt/src/git-src/sys/contrib/openzfs/module/zfs/lz4_zfs.c:66 #7 zfs_lz4_compress (src=0xfffff80022646080, dst=0xfffff80075509f00, s_len=131072, d_len=114688, n=<optimized out>) at /opt/src/git-src/sys/contrib/openzfs/module/zfs/lz4_zfs.c:104 #8 0xffffffff816a3231 in zio_compress_data (c=<optimized out>, src=0xfffff80022646080, dst=dst@entry=0xfffffe008eafcdd0, s_len=131072, d_len=114688, level=<optimized out>) at /opt/src/git-src/sys/contrib/openzfs/module/zfs/zio_compress.c:155 #9 0xffffffff8169b8fa in zio_write_compress (zio=0xfffffe00bdc374c0) at /opt/src/git-src/sys/contrib/openzfs/module/zfs/zio.c:1916 #10 0xffffffff816996d8 in __zio_execute (zio=<optimized out>) at /opt/src/git-src/sys/contrib/openzfs/module/zfs/zio.c:2427 #11 zio_execute (zio=<optimized out>) at /opt/src/git-src/sys/contrib/openzfs/module/zfs/zio.c:2338 #12 0xffffffff80741e62 in taskqueue_run_locked ( queue=queue@entry=0xfffff800061db800) at /opt/src/git-src/sys/kern/subr_taskqueue.c:517 #13 0xffffffff80743052 in taskqueue_thread_loop ( arg=arg@entry=0xfffff800057e1d60) at /opt/src/git-src/sys/kern/subr_taskqueue.c:829 #14 0xffffffff80692abb in fork_exit ( callout=0xffffffff80742f90 <taskqueue_thread_loop>, arg=0xfffff800057e1d60, frame=0xfffffe008eafcf40) at /opt/src/git-src/sys/kern/kern_fork.c:1151 #15 <signal handler called> Tracing command "kernel", '\000' <repeats 13 times> pid 0 tid 100247 (CPU 3) #0 cpustop_handler () at /opt/src/git-src/sys/x86/x86/mp_x86.c:1525 #1 0xffffffff80a4f958 in ipi_nmi_handler () at /opt/src/git-src/sys/x86/x86/mp_x86.c:1482 #2 0xffffffff80a80e2f in trap (frame=0xfffffe0011193f30) at /opt/src/git-src/sys/amd64/amd64/trap.c:235 #3 <signal handler called> #4 0xffffffff8158e5e9 in LZ4_compressCtx (ctx=0xfffffe00b3c3c000, source=0xfffffe00bd0d1000 <error: Cannot access memory at address 0xfffffe00bd0d1000>, dest=0xfffffe00c829d004 <error: Cannot access memory at address 0xfffffe00c829d004>, isize=131072, osize=114684) at /opt/src/git-src/sys/contrib/openzfs/module/zfs/lz4_zfs.c:617 #5 real_LZ4_compress ( source=0xfffffe00bd0d1000 <error: Cannot access memory at address 0xfffffe00bd0d1000>, dest=0xfffffe00c829d004 <error: Cannot access memory at address 0xfffffe00c829d004>, isize=131072, osize=114684) at /opt/src/git-src/sys/contrib/openzfs/module/zfs/lz4_zfs.c:863 #6 zfs_lz4_compress_buf (s_start=0xfffffe00bd0d1000, d_start=0xfffffe00c829d000, s_len=131072, d_len=114688, n=<optimized out>) at /opt/src/git-src/sys/contrib/openzfs/module/zfs/lz4_zfs.c:66 #7 zfs_lz4_compress (src=0xfffff80075fab880, dst=0xfffff80022c4be00, s_len=131072, d_len=114688, n=<optimized out>) at /opt/src/git-src/sys/contrib/openzfs/module/zfs/lz4_zfs.c:104 #8 0xffffffff816a3231 in zio_compress_data (c=<optimized out>, src=0xfffff80075fab880, dst=dst@entry=0xfffffe008eb01dd0, s_len=131072, d_len=114688, level=<optimized out>) at /opt/src/git-src/sys/contrib/openzfs/module/zfs/zio_compress.c:155 #9 0xffffffff8169b8fa in zio_write_compress (zio=0xfffffe00be1d0980) at /opt/src/git-src/sys/contrib/openzfs/module/zfs/zio.c:1916 #10 0xffffffff816996d8 in __zio_execute (zio=<optimized out>) at /opt/src/git-src/sys/contrib/openzfs/module/zfs/zio.c:2427 #11 zio_execute (zio=<optimized out>) at /opt/src/git-src/sys/contrib/openzfs/module/zfs/zio.c:2338 #12 0xffffffff80741e62 in taskqueue_run_locked ( queue=queue@entry=0xfffff800061db800) at /opt/src/git-src/sys/kern/subr_taskqueue.c:517 #13 0xffffffff80743052 in taskqueue_thread_loop ( arg=arg@entry=0xfffff800057e1d60) at /opt/src/git-src/sys/kern/subr_taskqueue.c:829 #14 0xffffffff80692abb in fork_exit ( callout=0xffffffff80742f90 <taskqueue_thread_loop>, arg=0xfffff800057e1d60, frame=0xfffffe008eb01f40) at /opt/src/git-src/sys/kern/kern_fork.c:1151 #15 <signal handler called> (kgdb) -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org NTP: <cy@nwtime.org> Web: https://nwtime.org e^(i*pi)+1=0 In message <9307D0CC-6D10-4F86-AE3B-43E7D6DA19A9@panasas.com>, Ravi Pokala writ es: > Hi Olivier, > > This appears to break amd64.MINIMAL and amd64.MINIMALUP: > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 > D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= > 3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > % less _.amd64.MINIMAL > linking kernel.full > ld: error: undefined symbol: vnet_entry_nfsrv_defaultgid > >>> referenced by vfs_export.c:141 (sys/kern/vfs_export.c:141) > >>> vfs_export.o:(vfs_export) > >>> referenced by vfs_export.c:220 (sys/kern/vfs_export.c:220) > >>> vfs_export.o:(vfs_export) > --- kernel.full --- > *** [kernel.full] Error code 1 > > make[5]: stopped making "all" in amd64.amd64/sys/MINIMAL > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 > D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= > 3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > Thanks, > > Ravi (rpokala@) > > =EF=BB=BF-----Original Message----- > From: <owner-src-committers@freebsd.org <mailto:owner-src-committers@freebs= > d.org>> on behalf of Olivier Certner <olce@FreeBSD.org <mailto:olce@FreeBSD.= > org>> > Date: Saturday, November 2, 2024 at 13:39 > To: <src-committers@FreeBSD.org <mailto:src-committers@FreeBSD.org>>, <dev-= > commits-src-all@FreeBSD.org <mailto:dev-commits-src-all@FreeBSD.org>>, <dev-= > commits-src-main@FreeBSD.org <mailto:dev-commits-src-main@FreeBSD.org>> > Subject: git: cfbe7a62dc62 - main - nfs, rpc: Ensure kernel credentials hav= > e at least one group > > > The branch main has been updated by olce: > > > URL: https://cgit.FreeBSD.org/src/commit/?id=3Dcfbe7a62dc62e8a5d7520cb5eb8ad7 > = > c4a9418e26 <https://cgit.FreeBSD.org/src/commit/?id=3Dcfbe7a62dc62e8a5d7520cb > 5= > eb8ad7c4a9418e26> > > > commit cfbe7a62dc62e8a5d7520cb5eb8ad7c4a9418e26 > Author: Olivier Certner <olce@FreeBSD.org <mailto:olce@FreeBSD.org>> > AuthorDate: 2024-10-02 14:28:59 +0000 > Commit: Olivier Certner <olce@FreeBSD.org <mailto:olce@FreeBSD.org>> > CommitDate: 2024-11-02 20:37:42 +0000 > > > nfs, rpc: Ensure kernel credentials have at least one group > > > This fixes several bugs where some 'struct ucred' in the kernel, > constructed from user input (via nmount(2)) or obtained from other > servers (e.g., gssd(8)), could have an unfilled 'cr_groups' field and > whose 'cr_groups[0]' (or 'cr_gid', which is an alias) was later > accessed, causing an uninitialized access giving random access rights. > > > Use crsetgroups_fallback() to enforce a fallback group when possible. > For NFS, the chosen fallback group is that of the NFS server in the > current VNET (NFSD_VNET(nfsrv_defaultgid)). > > > There does not seem to be any sensible fallback available in rpc code > (sys/rpc/svc_auth.c, svc_getcred()) on AUTH_UNIX (TLS or not), so just > fail credential retrieval there. Stock NSS sources, rpc.tlsservd(8) or > rpc.tlsclntd(8) provide non-empty group lists, so will not be impacted. > > > Discussed with: rmacklem (by mail) > Approved by: markj (mentor) > MFC after: 3 days > Differential Revision: https://reviews.freebsd.org/D46918 <https://reviews.= > freebsd.org/D46918> > --- > sys/fs/nfs/nfs_commonport.c | 4 +++- > sys/fs/nfs/nfs_commonsubs.c | 5 +++-- > sys/fs/nfsserver/nfs_nfsdport.c | 6 +++++- > sys/fs/nfsserver/nfs_nfsdsocket.c | 6 ++---- > sys/kern/vfs_export.c | 12 ++++++++---- > sys/rpc/rpcsec_gss/svc_rpcsec_gss.c | 2 +- > sys/rpc/svc_auth.c | 8 ++++++-- > 7 files changed, 28 insertions(+), 15 deletions(-) > > > diff --git a/sys/fs/nfs/nfs_commonport.c b/sys/fs/nfs/nfs_commonport.c > index 2db9af5b9ea9..11f31d1a0e9f 100644 > --- a/sys/fs/nfs/nfs_commonport.c > +++ b/sys/fs/nfs/nfs_commonport.c > @@ -75,6 +75,7 @@ NFSD_VNET_DEFINE(struct nfsstatsv1 *, nfsstatsv1_p); > > > NFSD_VNET_DECLARE(struct nfssockreq, nfsrv_nfsuserdsock); > NFSD_VNET_DECLARE(nfsuserd_state, nfsrv_nfsuserd); > +NFSD_VNET_DECLARE(gid_t, nfsrv_defaultgid); > > > int nfs_pnfsio(task_fn_t *, void *); > > > @@ -258,7 +259,8 @@ newnfs_copycred(struct nfscred *nfscr, struct ucred *cr= > ) > KASSERT(nfscr->nfsc_ngroups >=3D 0, > ("newnfs_copycred: negative nfsc_ngroups")); > cr->cr_uid =3D nfscr->nfsc_uid; > - crsetgroups(cr, nfscr->nfsc_ngroups, nfscr->nfsc_groups); > + crsetgroups_fallback(cr, nfscr->nfsc_ngroups, nfscr->nfsc_groups, > + NFSD_VNET(nfsrv_defaultgid)); > } > > > /* > diff --git a/sys/fs/nfs/nfs_commonsubs.c b/sys/fs/nfs/nfs_commonsubs.c > index 90b30f462106..ce4b0052714e 100644 > --- a/sys/fs/nfs/nfs_commonsubs.c > +++ b/sys/fs/nfs/nfs_commonsubs.c > @@ -4051,8 +4051,9 @@ nfssvc_idname(struct nfsd_idargs *nidp) > */ > cr =3D crget(); > cr->cr_uid =3D cr->cr_ruid =3D cr->cr_svuid =3D nidp->nid_uid; > - crsetgroups(cr, nidp->nid_ngroup, grps); > - cr->cr_rgid =3D cr->cr_svgid =3D cr->cr_groups[0]; > + crsetgroups_fallback(cr, nidp->nid_ngroup, grps, > + NFSD_VNET(nfsrv_defaultgid)); > + cr->cr_rgid =3D cr->cr_svgid =3D cr->cr_gid; > cr->cr_prison =3D curthread->td_ucred->cr_prison; > prison_hold(cr->cr_prison); > #ifdef MAC > diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdpor= > t.c > index 8a2a39052506..5160645ad73c 100644 > --- a/sys/fs/nfsserver/nfs_nfsdport.c > +++ b/sys/fs/nfsserver/nfs_nfsdport.c > @@ -3311,7 +3311,11 @@ nfsd_excred(struct nfsrv_descript *nd, struct nfsexs= > tuff *exp, > NFSVNO_EXPORTANON(exp) || > (nd->nd_flag & ND_AUTHNONE) !=3D 0) { > nd->nd_cred->cr_uid =3D credanon->cr_uid; > - nd->nd_cred->cr_gid =3D credanon->cr_gid; > + /* > + * 'credanon' is already a 'struct ucred' that was built > + * internally with calls to crsetgroups_fallback(), so > + * we don't need a fallback here. > + */ > crsetgroups(nd->nd_cred, credanon->cr_ngroups, > credanon->cr_groups); > } else if ((nd->nd_flag & ND_GSS) =3D=3D 0) { > diff --git a/sys/fs/nfsserver/nfs_nfsdsocket.c b/sys/fs/nfsserver/nfs_nfsds= > ocket.c > index df0c0edd1b59..d1b6198ba0e1 100644 > --- a/sys/fs/nfsserver/nfs_nfsdsocket.c > +++ b/sys/fs/nfsserver/nfs_nfsdsocket.c > @@ -1422,13 +1422,11 @@ static struct ucred * > nfsrv_createrootcred(void) > { > struct ucred *cr; > - gid_t grp; > > > cr =3D crget(); > cr->cr_uid =3D cr->cr_ruid =3D cr->cr_svuid =3D UID_ROOT; > - grp =3D GID_WHEEL; > - crsetgroups(cr, 1, &grp); > - cr->cr_rgid =3D cr->cr_svgid =3D cr->cr_groups[0]; > + crsetgroups_fallback(cr, 0, NULL, GID_WHEEL); > + cr->cr_rgid =3D cr->cr_svgid =3D cr->cr_gid; > cr->cr_prison =3D curthread->td_ucred->cr_prison; > prison_hold(cr->cr_prison); > #ifdef MAC > diff --git a/sys/kern/vfs_export.c b/sys/kern/vfs_export.c > index 996f3f74193f..c0337b1fe858 100644 > --- a/sys/kern/vfs_export.c > +++ b/sys/kern/vfs_export.c > @@ -61,6 +61,10 @@ > #include <rpc/types.h> > #include <rpc/auth.h> > > > +#include <fs/nfs/nfsport.h> > + > +NFSD_VNET_DECLARE(gid_t, nfsrv_defaultgid); > + > static MALLOC_DEFINE(M_NETADDR, "export_host", "Export host address structu= > re"); > > > #if defined(INET) || defined(INET6) > @@ -133,8 +137,8 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *n= > ep, > np->netc_exflags =3D argp->ex_flags; > np->netc_anon =3D crget(); > np->netc_anon->cr_uid =3D argp->ex_uid; > - crsetgroups(np->netc_anon, argp->ex_ngroups, > - argp->ex_groups); > + crsetgroups_fallback(np->netc_anon, argp->ex_ngroups, > + argp->ex_groups, NFSD_VNET(nfsrv_defaultgid)); > np->netc_anon->cr_prison =3D &prison0; > prison_hold(np->netc_anon->cr_prison); > np->netc_numsecflavors =3D argp->ex_numsecflavors; > @@ -212,8 +216,8 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *n= > ep, > np->netc_exflags =3D argp->ex_flags; > np->netc_anon =3D crget(); > np->netc_anon->cr_uid =3D argp->ex_uid; > - crsetgroups(np->netc_anon, argp->ex_ngroups, > - argp->ex_groups); > + crsetgroups_fallback(np->netc_anon, argp->ex_ngroups, argp->ex_groups, > + NFSD_VNET(nfsrv_defaultgid)); > np->netc_anon->cr_prison =3D &prison0; > prison_hold(np->netc_anon->cr_prison); > np->netc_numsecflavors =3D argp->ex_numsecflavors; > diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c b/sys/rpc/rpcsec_gss/svc_r= > pcsec_gss.c > index 1e6e71fa10ac..b1790dd167d5 100644 > --- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c > +++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c > @@ -537,7 +537,7 @@ rpc_gss_svc_getcred(struct svc_req *req, struct ucred *= > *crp, int *flavorp) > cr =3D client->cl_cred =3D crget(); > cr->cr_uid =3D cr->cr_ruid =3D cr->cr_svuid =3D uc->uid; > cr->cr_rgid =3D cr->cr_svgid =3D uc->gid; > - crsetgroups(cr, uc->gidlen, uc->gidlist); > + crsetgroups_fallback(cr, uc->gidlen, uc->gidlist, uc->gid); > cr->cr_prison =3D curthread->td_ucred->cr_prison; > prison_hold(cr->cr_prison); > *crp =3D crhold(cr); > diff --git a/sys/rpc/svc_auth.c b/sys/rpc/svc_auth.c > index 6acb1fb0d4b9..92f1ee0f2844 100644 > --- a/sys/rpc/svc_auth.c > +++ b/sys/rpc/svc_auth.c > @@ -187,10 +187,12 @@ svc_getcred(struct svc_req *rqst, struct ucred **crp,= > int *flavorp) > if ((xprt->xp_tls & (RPCTLS_FLAGS_CERTUSER | > RPCTLS_FLAGS_DISABLED)) =3D=3D RPCTLS_FLAGS_CERTUSER && > flavor =3D=3D AUTH_UNIX) { > + if (xprt->xp_ngrps <=3D 0) > + return (FALSE); > cr =3D crget(); > cr->cr_uid =3D cr->cr_ruid =3D cr->cr_svuid =3D xprt->xp_uid; > crsetgroups(cr, xprt->xp_ngrps, xprt->xp_gidp); > - cr->cr_rgid =3D cr->cr_svgid =3D xprt->xp_gidp[0]; > + cr->cr_rgid =3D cr->cr_svgid =3D cr->cr_gid; > cr->cr_prison =3D curthread->td_ucred->cr_prison; > prison_hold(cr->cr_prison); > *crp =3D cr; > @@ -200,10 +202,12 @@ svc_getcred(struct svc_req *rqst, struct ucred **crp,= > int *flavorp) > switch (flavor) { > case AUTH_UNIX: > xcr =3D (struct xucred *) rqst->rq_clntcred; > + if (xcr->cr_ngroups <=3D 0) > + return (FALSE); > cr =3D crget(); > cr->cr_uid =3D cr->cr_ruid =3D cr->cr_svuid =3D xcr->cr_uid; > crsetgroups(cr, xcr->cr_ngroups, xcr->cr_groups); > - cr->cr_rgid =3D cr->cr_svgid =3D cr->cr_groups[0]; > + cr->cr_rgid =3D cr->cr_svgid =3D cr->cr_gid; > cr->cr_prison =3D curthread->td_ucred->cr_prison; > prison_hold(cr->cr_prison); > *crp =3D cr; > > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20241103065704.4377C114>