FreeBSD Mail Archives

Date:      Sat, 28 Sep 2013 21:32:32 +0300
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        Andrej Zverev <andrej.zverev@gmail.com>
Cc:        FreeBSD Current <freebsd-current@freebsd.org>, rwatson@freebsd.org
Subject:   Re: panic: rm_rlock: recursed on non-recursive rmlock mac_policy_rm @ /usr/src/sys/security/mac/mac_framework.c:198
Message-ID:  <20130928183232.GR41229@kib.kiev.ua>
In-Reply-To: <CAD5bB%2Bi3MND0gsCkpcWoKwpWf=pWhMYm3%2BrqVAAq=_TONn-2tQ@mail.gmail.com>
References:  <CAD5bB%2Bi3MND0gsCkpcWoKwpWf=pWhMYm3%2BrqVAAq=_TONn-2tQ@mail.gmail.com>

index | next in thread | previous in thread | raw e-mail


[-- Attachment #1 --]
On Sat, Sep 28, 2013 at 03:41:58PM +0400, Andrej Zverev wrote:
>  Hello,
> 
> I see following panic of 10.0-ALPHA3 r255906
> 
> (kgdb) #0  doadump (textdump=0) at pcpu.h:232
> #1  0xc0521fb1 in db_dump (dummy=-1062244387, dummy2=0, dummy3=-1,
>     dummy4=0xeb36b764 "") at /usr/src/sys/ddb/db_command.c:543
> #2  0xc0521a77 in db_command (cmd_table=<value optimized out>)
>     at /usr/src/sys/ddb/db_command.c:449
> #3  0xc0521790 in db_command_loop () at /usr/src/sys/ddb/db_command.c:502
> #4  0xc0524020 in db_trap (type=<value optimized out>, code=2)
>     at /usr/src/sys/ddb/db_main.c:231
> #5  0xc0af7738 in kdb_trap (type=<value optimized out>,
>     code=<value optimized out>, tf=<value optimized out>)
>     at /usr/src/sys/kern/subr_kdb.c:654
> #6  0xc0fa6d3f in trap (frame=<value optimized out>)
>     at /usr/src/sys/i386/i386/trap.c:720
> #7  0xc0f8fd5c in calltrap () at /usr/src/sys/i386/i386/exception.s:170
> #8  0xc0af6fdd in kdb_enter (why=0xc1111a64 "panic",
>     msg=<value optimized out>) at cpufunc.h:71
> #9  0xc0abe363 in vpanic (fmt=<value optimized out>, ap=<value optimized out>)
>     at /usr/src/sys/kern/kern_shutdown.c:747
> #10 0xc0abe21a in kassert_panic (fmt=<value optimized out>)
>     at /usr/src/sys/kern/kern_shutdown.c:642
> #11 0xc0abb047 in _rm_rlock_debug (rm=0xc156e764,
>     tracker=<value optimized out>) at /usr/src/sys/kern/kern_rmlock.c:640
> #12 0xc0ceb0aa in mac_policy_slock_nosleep (tracker=<value optimized out>)
>     at /usr/src/sys/security/mac/mac_framework.c:198
> #13 0xc0cf22a8 in mac_priv_check (priv=490)
>     at /usr/src/sys/security/mac/mac_priv.c:75
> #14 0xc0aacc15 in priv_check_cred (cred=0xc6ece600, priv=490, flags=0)
>     at /usr/src/sys/kern/kern_priv.c:88
> #15 0xd010cdf0 in socket_check_bind (cred=0xc6ece600,
>     so=<value optimized out>, solabel=0x0, sa=<value optimized out>)
>     at /usr/src/sys/modules/mac_portacl/../../security/mac_portacl/mac_portacl.c:428
> #16 0xc0cf4291 in mac_socket_check_bind (so=0xcf528d40)
>     at /usr/src/sys/security/mac/mac_socket.c:325
> #17 0xc0b41091 in kern_bindat (td=0xc778c930, dirfd=-100,
>     fd=<value optimized out>, sa=0xffff)
>     at /usr/src/sys/kern/uipc_syscalls.c:279
> #18 0xc0b40ea4 in sys_bind (td=0x80, uap=<value optimized out>)
>     at /usr/src/sys/kern/uipc_syscalls.c:297
> #19 0xc0fa7a0e in syscall (frame=<value optimized out>) at subr_syscall.c:134
> #20 0xc0f8fdf1 in Xint0x80_syscall ()
>     at /usr/src/sys/i386/i386/exception.s:270
> #21 0x00000033 in ?? ()
> Previous frame inner to this frame (corrupt stack?)
> 
> 
> It easy to reproduce. Just kldload mac_portacl and /etc/rc.d/syslogd restart

This is due to priv_check_cred() call in mac_portacl.c:rules_check().
The call causes recusion into the mac framework from the mac callback.

Robert should have better idea about the proper way to fix the issue.
The trivial attempt might be to enable recursion on the rm lock
protecting the lists.

diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index 816bb0b..ed0c05a 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -292,7 +292,8 @@ mac_init(void)
 	mac_labelzone_init();
 
 #ifndef MAC_STATIC
-	rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS);
+	rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS |
+	    RM_RECURSE);
 	sx_init_flags(&mac_policy_sx, "mac_policy_sx", SX_NOWITNESS);
 #endif
 }

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (FreeBSD)

iQIcBAEBAgAGBQJSRyDAAAoJEJDCuSvBvK1BS2sP/2T3LQSiGRUDVgZv/hpRPz2a
zq460XjejFk6nMkLYZu9b0x1hjSvW/k+pIxwqcAqnKiz8d7CG9ApzrWWqYeZPK2q
TC5H3UvbUskyHhpgMmY4iV/Tf9uynF/jEyvjGoSqfKmhDPAItgaEKJWBEemuVfKj
kybI1d6uJjSUD92srzKkP6PV7ZA91y2BF1sj+hUq00R6FNQ38F9JWUjhEwZD1vXF
39k8OD1l57fpEkaNKxaLPJq2hxpb2PmN09lNwi6qwbnJSBLUNoAzeBjnZC+rYJ9C
DmSPzn0rU/L0/BKxI7GPFZPcUt6ckbGFhDrTJGEYuSqyjriBBObQYtWk1KucohUi
Vl0LX+aAsz70Es7VitrFBigyd6QZh0OLlXqGWrowznwKup1uzEkosIHGBXXJLSTe
uSXY7cUGfEjSsBf2C60ghxtAVTyXJjQmN55n4tJW62imeIp6rot3Y+9AUoiHJeoI
FLUT0p6J0rgZP+m9qmCiEqJLVlHV8U9IkglUMUKg4KG3xmfQY2b9/qGn2y++cghQ
WIrCe7cb4OIF7Y5Kr4cX8jKVmqAXEZYlp7y1trS7GY0tFXvK+gSWNTbgW8J3Dlrt
d9xmw7NNhi75haIEcjOL573oQTvA9gNlhaEh7Ww4oqK6oPlyXnItP/F9vgLJ+J+v
jVP2yebd3/hMRqAILyLW
=hekf
-----END PGP SIGNATURE-----

help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130928183232.GR41229>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation