Date: Sun, 27 Sep 2009 00:47:19 +0100 (BST)
From: Robert Watson
To: Jamie Gritton
Cc: stable@FreeBSD.org, Marcel Moolenaar, "current@freebsd.org mailing list"
Subject: Re: 8.0-RC1: kernel page fault in NLM master thread (VIMAGE or ZFS related?)

On Fri, 25 Sep 2009, Jamie Gritton wrote:

> It seems to be NFS related. I think the null pointer in question is from
> the export's anonymous credential. Try the patch below and see if it helps
> (which I guess means run it overnight and see if it crashes again). I've
> also patched a similar missing cred prison in GSS_SVC, since I'm not versed
> enough in NFS/RPC stuff to know if it might be the problem.

This is one of the reasons I really dislike "magic" credentials and special handling of NULL credentials -- they always get into code the author doesn't expect, and either there are bad pointer dereferences, or incorrect security decisions. It's almost always the case that a correct credential should have been cached or generated at some earlier point to represent the security context...

Robert

>
> - Jamie
>
>
> Index: kern/vfs_export.c > =================================================================== > --- kern/vfs_export.c (revision 197506) > +++ kern/vfs_export.c (working copy) 
> @@ -122,6 +122,8 @@ > np->netc_anon->cr_uid = argp->ex_anon.cr_uid; > crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups, > argp->ex_anon.cr_groups); > + np->netc_anon->cr_prison = &prison0; > + prison_hold(np->netc_anon->cr_prison); > np->netc_numsecflavors = argp->ex_numsecflavors; > bcopy(argp->ex_secflavors, np->netc_secflavors, > sizeof(np->netc_secflavors)); > @@ -206,6 +208,8 @@ > np->netc_anon->cr_uid = argp->ex_anon.cr_uid; > crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups, > np->netc_anon->cr_groups); > + np->netc_anon->cr_prison = &prison0; > + prison_hold(np->netc_anon->cr_prison); > np->netc_numsecflavors = argp->ex_numsecflavors; > bcopy(argp->ex_secflavors, np->netc_secflavors, > sizeof(np->netc_secflavors)); > Index: rpc/rpcsec_gss/svc_rpcsec_gss.c > =================================================================== > --- rpc/rpcsec_gss/svc_rpcsec_gss.c (revision 197506) > +++ rpc/rpcsec_gss/svc_rpcsec_gss.c (working copy) > @@ -449,6 +449,8 @@ > cr->cr_uid = cr->cr_ruid = cr->cr_svuid = uc->uid; > cr->cr_rgid = cr->cr_svgid = uc->gid; > crsetgroups(cr, uc->gidlen, uc->gidlist); > + cr->cr_prison = &prison0; > + prison_hold(cr->cr_prison); > *crp = crhold(cr); > > return (TRUE);
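
Review bot: In the first kern/vfs_export.c hunk (@@ -122), `np->netc_anon->cr_prison = &prison0;` hard-codes the host prison with no comment explaining why that is the right security context for the export's anonymous credential. A short comment would help the next reader, and it is worth confirming that the reference taken by `prison_hold(np->netc_anon->cr_prison);` is dropped wherever netc_anon is freed, since no matching release is visible in this patch.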
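
Review bot: In the second kern/vfs_export.c hunk (@@ -206), the unchanged context line passes `np->netc_anon->cr_groups` as the source for crsetgroups(), while the otherwise identical code in the first hunk passes `argp->ex_anon.cr_groups`. As written this appears to copy the new credential's own group list onto itself rather than taking the groups from the export arguments; please check whether that is intended and, if not, fix it alongside this change.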
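
Review bot: In rpc/rpcsec_gss/svc_rpcsec_gss.c (@@ -449), this is the third copy of the same `cr_prison = &prison0;` plus `prison_hold(...)` pair in the patch. Consider a small helper, or setting the prison where these credentials are first built, so that another hand-constructed credential cannot be left with a NULL cr_prison. The cover note says this site was patched without confirming it is on the crashing path, so a comment recording that would also be useful.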