From nobody Sun Nov 03 18:16:27 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XhN8g2ZWHz5cZ31; Sun, 03 Nov 2024 18:16:35 +0000 (UTC) (envelope-from olce@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XhN8g0hHzz4ltn; Sun, 3 Nov 2024 18:16:35 +0000 (UTC) (envelope-from olce@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1730657795; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=0Cs2vp7GzsLFj0fS+DJi2/xU9H7w9dPZ2pReW0073qE=; b=iwAoPVbOHoDMK4o2xBWnB6Jt5E4HBSC4JolBKOdlxYKzz/l0fDfauAehLM7hSfhCFjEdzn udNt34E3M87RzDP3xz4rbKdSTBclySqpvaNexnDhIps0ejenaYQM1Lq+DREVTBiWt3yEGe jN7kVRqkIE89MLw4UI2yK1ySfecgq3/z7fbfKlo6Xb1ZKhMKOVwLJCXs+BYnQNYadjbVlX Rou+rpXMD2RqZj6rLHnnY4jPHuOF2ClMt9TQBBnsqAtpZpPADZLvOzh6hbGiiz9gfYRD/N F2dqUSQSvoQk40+SRXvEt6J8S7K/1VpN0M6/hewhxs2+JRlB51yw818pGNERlg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1730657795; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=0Cs2vp7GzsLFj0fS+DJi2/xU9H7w9dPZ2pReW0073qE=; b=gNdExL9o4ZQjNz/LtVmNlebYKVFlt3uw1+uZR40tU/bcun6yLF3lna300eg2UiudSIDy3G PUGJYfRdfh7JOzZuWbAGqmpslCy6RhDXuK9ssP4aJ9rroQE3wN1A0XtVh8mUrx1v2jp0Cn 3ckundBCC2y/FwKXPwxIRAJ33cggMQ9fBJid5M970COM5pTxlhwydRCjjIBPsFn3kIeReL Z3eeSSCRHorrGEBrzuUTEiRys8fjUiKwhd0BMbWTNQE83rjtfL6CZOfWuG3+JJsJImlFCn SXntNOgGt26uzGOz+YLqZMkFCaUBUjvAIXlo9YKAKIjdceIGmmF7vqs4qXMYlQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1730657795; a=rsa-sha256; cv=none; b=FcdoobIlaycBzid1f3SDSZyiUss2zWH9jjNUEjRq7BooizQ6rZR6iAwV+015PSooInMRRi utnlmd9Cx0Ra8udZXAfPWzw6nDuvq6BpuNXIvLdkNbP3STMf3NlnUZPC9fE+raZPPD6vqh Ch8kzXutUEAC7qnU55ZI0q2gaWvoxZuQuDNi8mPMu4B24V6ruWMQem649eejpI7lKUeq+r 7/sRfJ7Ykmb1QVpvXQ5E1J1ciw137kqb920Q3hQ6sGX79knquKfISD2UM2ZbVazmhzKmUv gDZT/7aY/q/FVpnnaRBsTKHn1oEGIl7N7zc6d1kuTjZiNvdF7nFpZgpnZ5+jgA== Received: from ravel.localnet (aclermont-ferrand-653-1-222-123.w90-14.abo.wanadoo.fr [90.14.66.123]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: olce/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4XhN8f3gKgz1NsJ; Sun, 3 Nov 2024 18:16:34 +0000 (UTC) (envelope-from olce@freebsd.org) From: Olivier Certner To: Cy Schubert Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 5169d4307eb9 - main - nfs: Fallback to GID_NOGROUP on no groups Date: Sun, 03 Nov 2024 19:16:27 +0100 Message-ID: <2094473.mIT35NG9lc@ravel> In-Reply-To: <20241103171056.E8299280@slippy.cwsent.com> References: <202411031547.4A3Fl0Lh079122@gitrepo.freebsd.org> <20241103171056.E8299280@slippy.cwsent.com> List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1863566.1AojA6SiXe"; micalg="pgp-sha384"; protocol="application/pgp-signature" --nextPart1863566.1AojA6SiXe Content-Type: multipart/mixed; boundary="nextPart17542189.7ycxSsYEdt"; protected-headers="v1" Content-Transfer-Encoding: 7Bit From: Olivier Certner To: Cy Schubert Date: Sun, 03 Nov 2024 19:16:27 +0100 Message-ID: <2094473.mIT35NG9lc@ravel> In-Reply-To: <20241103171056.E8299280@slippy.cwsent.com> MIME-Version: 1.0 This is a multi-part message in MIME format. --nextPart17542189.7ycxSsYEdt Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="UTF-8" > I'm getting a different panic this time. Sigh... I see why, and it seems straightforward to fix. Could you please try the attached patch? It is also available at: https://people.freebsd.org/~olce/0001-cred-crsetgroups-Throw-away-old-groups-before-crexte.patch . Hopefully, this was the last problem to solve. All patches in the series, except the "nfs, rpc: *" one, have been tested and actually used on my machines for weeks. I however don't use NFS on a daily basis, and it is now pretty clear that I have a big problem in my NFS testing setup, or messed up the related tests (am still not sure). If you can't test this patch or if you still have a problem after this one, then I'll just revert the series pending my re-testing in a correctly setup NFS environment. Sorry to have dragged you in this debugging session, and thanks for your efforts and feedback. -- Olivier Certner --nextPart17542189.7ycxSsYEdt Content-Disposition: attachment; filename="0001-cred-crsetgroups-Throw-away-old-groups-before-crexte.patch" Content-Transfer-Encoding: 7Bit Content-Type: text/x-patch; charset="x-UTF_8J"; name="0001-cred-crsetgroups-Throw-away-old-groups-before-crexte.patch" From 02bd66dd2b7b9143b0801d232c52aa23df23136b Mon Sep 17 00:00:00 2001 From: Olivier Certner Date: Sun, 3 Nov 2024 19:04:02 +0100 Subject: [PATCH] cred: crsetgroups(): Throw away old groups before crextend() Now that crextend() asserts that groups are not set (rightfully so, since it may change the backing storage without copying the content of the old one), have crsetgroups() throw away the old groups before calling it, as it will set the groups to an entirely new set anyway. This allows to reuse not shared credentials by resetting the group sets on them, which is necessary for certain kind of NFS exports. Fixes: ea26c0e79752 ("cred: crextend(): Harden, simplify") --- sys/kern/kern_prot.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index b522edbf4e69..fb5e973b812f 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -2215,20 +2215,18 @@ crfree_final(struct ucred *cr) */ void crcopy(struct ucred *dest, struct ucred *src) { + /* + * Ideally, 'cr_ngroups' should be moved out of 'struct ucred''s bcopied + * area, but this would break the ABI, so is deferred until there is + * a compelling need to change the ABI. + */ bcopy(&src->cr_startcopy, &dest->cr_startcopy, (unsigned)((caddr_t)&src->cr_endcopy - (caddr_t)&src->cr_startcopy)); - /* - * Avoids an assertion in crsetgroups() -> crextend(). Ideally, - * 'cr_ngroups' should be moved out of 'struct ucred''s bcopied area, - * but this would break the ABI, so is deferred until there is a real - * need to change the ABI. - */ - dest->cr_ngroups = 0; dest->cr_flags = src->cr_flags; crsetgroups(dest, src->cr_ngroups, src->cr_groups); uihold(dest->cr_uidinfo); uihold(dest->cr_ruidinfo); prison_hold(dest->cr_prison); @@ -2473,10 +2471,17 @@ void crsetgroups(struct ucred *cr, int ngrp, const gid_t *groups) { if (ngrp > ngroups_max + 1) ngrp = ngroups_max + 1; + /* + * crextend() expects that groups are not set, as it may allocate a new + * backing storage without copying the content of the old one. Since we + * are going to set them to a completely new list below, signal that we + * have thrown away the old ones. + */ + cr->cr_ngroups = 0; crextend(cr, ngrp); crsetgroups_internal(cr, ngrp, groups); groups_normalize(&cr->cr_ngroups, cr->cr_groups); } --nextPart17542189.7ycxSsYEdt-- --nextPart1863566.1AojA6SiXe Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQIzBAABCQAdFiEEmNCxHjkosai0LYIujKEwQJceJicFAmcnvfsACgkQjKEwQJce JicDTxAAgF7lvjTNdtDLxyWuwzWJd1L6Xii6eT+iS7+fAkxJGwdkTZY8rPhFLRim 1NNXJ0K4ksfDAAB7CSFmFIwFt4UngLckhdGOGDAtvKmx1skF+vd/Fqe70IaUN2jj Cz788wjhISPmJoY9dxHdfEwVzrxZwe9TZJmoqDkxV3C2fLs0B7ssOFpx8AJTh9EL 5EkNORo91XjZrH64MxvKcsrxzQrBqOYRwPG3pdQEJ8R5WF1Rw1tfkov9a8ndmPfA Epxi4bHetinb2EWVmKLl0S+lh0mmMk1WXWs/Cvf8AlYJzYc8LWDoq3a0G0SDGHQ2 KGq6diWtciu4NukwzOO8SIYZ6zqoaoLtDrrzQxOdX4IO83OBel0JSpiXFJGzNJw9 lKxMEHbBatWamwUqzSdU/+OUSQr8n2OgrT2Z3aJ/gsqEn4pNrli9O59DNP3j7sy2 ovMTTMgjIw/uAMQDi28Aw9nWXxIFyt8c6VACc2V/m0O7L/cz+Q6S2qBEcVn9vwVr bwEG1x6TZSNSIuwAUprlf2Dl6jKwgXbvXfRq4bLJoG8dU1NRPvYJDxG4TbJa/5N0 /y98u4R41vKzMYWcDQMdB0Pzu1VMNsOQDKBMVXhmBwjjpYfGER2TZ0tVYNy7OGYV PkEtSNvvMv+LSwqRwX7J35nd8xZ9071OF/YoUJ+9rkvqepbvWX0= =fN4W -----END PGP SIGNATURE----- --nextPart1863566.1AojA6SiXe--