From: Mel Flynn
To: freebsd-current@freebsd.org
Cc: Kostik Belousov
Date: Tue, 15 Sep 2009 14:03:50 +0200
User-Agent: KMail/1.12.1 (FreeBSD/8.0-BETA4; KDE/4.3.1; i386; ; )
Subject: Re: Panic in kern_access

On Tuesday 15 September 2009 13:14:31 Kostik Belousov wrote:
> On Mon, Sep 14, 2009 at 08:24:49PM +0200, Mel Flynn wrote:
> > Hi,
> >
> > below some crash info. However, since kib@ made some fixes that seem
> > to relate to this, I shall rebuild my kernel with new sources.
>
> No my fixes were related to the issue, AFAIR.
>
> > At the time I was building various ports in a jail and asleep, so no
> > other contributing factors.
> >
> > panic: free: address 0xc62e0e00(0xc62e0000) has not been allocated.
> >
> > #0 doadump () at pcpu.h:246
> > 246 pcpu.h: No such file or directory.
> > in pcpu.h
> > (kgdb) #0 doadump () at pcpu.h:246
> > #1 0xc0642b57 in boot (howto=260) at
> > /usr/src/sys/kern/kern_shutdown.c:416 #2 0xc0642e49 in panic
> > (fmt=Variable "fmt" is not available.
> > ) at /usr/src/sys/kern/kern_shutdown.c:579
> > #3 0xc062fcfe in free (addr=0x0, mtp=0xc091c330)
> > at /usr/src/sys/kern/kern_malloc.c:444
> > #4 0xc063b018 in crfree (cr=0xc795ea80) at
> > /usr/src/sys/kern/kern_prot.c:1840
>
> I want to see the output of
> p/x cr
> and
> p/x cr->cr_groups
> from the frame 4.

(kgdb) p/x cr
$1 = 0xc795ea80
(kgdb) p/x cr->cr_groups
$2 = 0xc62e0e00
(kgdb) p/x *cr->cr_groups
$3 = 0x0
(kgdb) p/x *cr
$4 = {cr_ref = 0x0, cr_uid = 0x0, cr_ruid = 0x0, cr_svuid = 0x0,
  cr_ngroups = 0x2, cr_rgid = 0x0, cr_svgid = 0x0, cr_uidinfo = 0xc5523380,
  cr_ruidinfo = 0xc5523380, cr_prison = 0xcc3a0800, cr_pspare = 0x0,
  cr_flags = 0x0, cr_pspare2 = {0x0, 0x0}, cr_label = 0x0, cr_audit = {
    ai_auid = 0xffffffff, ai_mask = {am_success = 0x0, am_failure = 0x0},
    ai_termid = {at_port = 0x0, at_type = 0x4, at_addr = {0x0, 0x0, 0x0,
        0x0}}, ai_asid = 0x0, ai_flags = 0x0}, cr_groups = 0xc62e0e00,
  cr_agroups = 0x10}

Hmm, since this is in credentials, would it be relevant that I have patched
kern_jail.c to allow /dev/io access? I don't touch credentials, though, and X
wasn't running in the jail at the crash time. Just in case, patch is below.

-- 
Mel

Index: sys/kern/kern_jail.c =================================================================== --- sys/kern/kern_jail.c (revision 197210) +++ sys/kern/kern_jail.c (working copy) @@ -160,6 +160,7 @@ "allow.mount", "allow.quotas", "allow.socket_af", + "allow.dev_io", }; static char *pr_allow_nonames[] = { @@ -170,6 +171,7 @@ "allow.nomount", "allow.noquotas", "allow.nosocket_af", + "allow.nodev_io", }; #define JAIL_DEFAULT_ALLOW PR_ALLOW_SET_HOSTNAME @@ -3738,6 +3740,17 @@ case PRIV_NETINET_GETCRED: return (0); + /* + * Allow access to /dev/io in a jail if the non-jailed admin + * requests this and if /dev/io exists in the jail. This + * allows Xorg to probe a card. + */ + case PRIV_IO: + if (cred->cr_prison->pr_allow & PR_ALLOW_DEV_IO) + return (0); + else + return (EPERM); + default: /* * In all remaining cases, deny the privilege request. This 
@@ -3988,6 +4001,10 @@ CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT, sysctl_jail_default_allow, "I", "Processes in jail can mount/unmount jail-friendly file systems"); +SYSCTL_PROC(_security_jail, OID_AUTO, dev_io_allow, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, + NULL, PR_ALLOW_DEV_IO, sysctl_jail_default_allow, "I", + "Processes in jail can access /dev/io"); static int sysctl_jail_default_level(SYSCTL_HANDLER_ARGS) @@ -4114,6 +4131,8 @@ "B", "Jail may set file quotas"); SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route"); +SYSCTL_JAIL_PARAM(_allow, dev_io, CTLTYPE_INT | CTLFLAG_RW, + "B", "Jail can access /dev/io if present"); #ifdef DDB Index: sys/sys/jail.h =================================================================== --- sys/sys/jail.h (revision 197210) +++ sys/sys/jail.h (working copy) @@ -207,7 +207,8 @@ #define PR_ALLOW_MOUNT 0x0010 #define PR_ALLOW_QUOTAS 0x0020 #define PR_ALLOW_SOCKET_AF 0x0040 -#define PR_ALLOW_ALL 0x007f +#define PR_ALLOW_DEV_IO 0x0080 +#define PR_ALLOW_ALL 0x00ff /* * OSD methods
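
Review bot: In the PRIV_IO case added to the privilege switch in kern_jail.c (hunk @@ -3738,6 +3740,17 @@), the comment promises two conditions, that the non-jailed admin requests it and that /dev/io exists in the jail, but the code tests only `cred->cr_prison->pr_allow & PR_ALLOW_DEV_IO`. Either reword the comment to say that the presence of /dev/io is left to the jail's devfs configuration, or drop that clause. Raw port I/O is not confined to the jail, so the comment should also say that setting this flag hands the jail's root direct hardware access on the host, which is an isolation trade-off and not only an Xorg convenience. Style: the `else` after `return (0);` is redundant; `return (EPERM);` can follow the `if` directly.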
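
Review bot: In the SYSCTL_JAIL_PARAM hunk (@@ -4114,6 +4131,8 @@), the new description "Jail can access /dev/io if present" does not follow the wording of its neighbours, which read "Jail may set file quotas" and "Jail may create sockets other than just UNIX/IPv4/IPv6/route". Suggest "Jail may access /dev/io if present" so the parameter descriptions stay uniform.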
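
Review bot: In sys/sys/jail.h, widening `PR_ALLOW_ALL` from 0x007f to 0x00ff means every existing user of that mask now also carries `PR_ALLOW_DEV_IO`. Please check each place PR_ALLOW_ALL is assigned or used as a mask so that no jail picks up /dev/io access without the admin setting allow.dev_io explicitly; JAIL_DEFAULT_ALLOW remains PR_ALLOW_SET_HOSTNAME, so the default itself is unaffected. The patch also touches only kern_jail.c and jail.h: the new allow.dev_io parameter and the dev_io_allow sysctl need a matching documentation entry that spells out the host-level exposure.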