8.0-RC1: kernel page fault in NLM master thread (VIMAGE or ZFS related?)
Robert Watson
rwatson at FreeBSD.org
Sat Sep 26 23:47:20 UTC 2009
On Fri, 25 Sep 2009, Jamie Gritton wrote:
> It seems to be NFS related. I think the null pointer in question is from
> the export's anonymous credential. Try the patch below and see if it helps
> (which I guess means run it overnight and see if it crashes again). I've
> also patched a similar missing cred prison in GSS_SVC, since I'm not versed
> enough in NFS/RPC stuff to know if it might be the problem.
This is one of the reasons I really dislike "magic" credentials and special
handling of NULL credentials -- they always get into code the author doesn't
expect, and either there are bad pointer dereferences, or incorrect security
decisions. It's almost always the case that a correct credential should have
been cached or generated at some earlier point to represent the security
context...
Robert
>
> - Jamie
>
>
> Index: kern/vfs_export.c
> ===================================================================
> --- kern/vfs_export.c (revision 197506)
> +++ kern/vfs_export.c (working copy)
> @@ -122,6 +122,8 @@
> np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
> crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
> argp->ex_anon.cr_groups);
> + np->netc_anon->cr_prison = &prison0;
> + prison_hold(np->netc_anon->cr_prison);
> np->netc_numsecflavors = argp->ex_numsecflavors;
> bcopy(argp->ex_secflavors, np->netc_secflavors,
> sizeof(np->netc_secflavors));
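Review bot: the two added lines after crsetgroups() hard-code &prison0 with no comment explaining why the export's anonymous credential belongs to the host prison rather than to whatever context set up the export. Please add a one-line comment to that effect, and confirm that the path which releases np->netc_anon also drops the reference taken by prison_hold(), since no matching release appears in this hunk.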
> @@ -206,6 +208,8 @@
> np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
> crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
> np->netc_anon->cr_groups);
> + np->netc_anon->cr_prison = &prison0;
> + prison_hold(np->netc_anon->cr_prison);
> np->netc_numsecflavors = argp->ex_numsecflavors;
> bcopy(argp->ex_secflavors, np->netc_secflavors,
> sizeof(np->netc_secflavors));
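Review bot: the crsetgroups() context line at the top of this hunk passes np->netc_anon->cr_groups as the source, while the otherwise identical call in the first hunk passes argp->ex_anon.cr_groups, so this copy appears to read the groups back from the credential being initialised. It is outside the change itself, but worth confirming and fixing in the same pass. Because the uid/groups/prison setup is now the same sequence in both places, a small shared helper for initialising netc_anon would keep the two sites from drifting again.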
> Index: rpc/rpcsec_gss/svc_rpcsec_gss.c
> ===================================================================
> --- rpc/rpcsec_gss/svc_rpcsec_gss.c (revision 197506)
> +++ rpc/rpcsec_gss/svc_rpcsec_gss.c (working copy)
> @@ -449,6 +449,8 @@
> cr->cr_uid = cr->cr_ruid = cr->cr_svuid = uc->uid;
> cr->cr_rgid = cr->cr_svgid = uc->gid;
> crsetgroups(cr, uc->gidlen, uc->gidlist);
> + cr->cr_prison = &prison0;
> + prison_hold(cr->cr_prison);
> *crp = crhold(cr);
>
> return (TRUE);
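Review bot: the prison_hold() added just before "*crp = crhold(cr);" takes a reference every time this block executes, and the hunk does not show whether cr is built once and then cached or rebuilt on each call. Please confirm the hold is taken exactly once per credential and released when that credential is freed. The cover note says this site was patched by analogy with vfs_export.c, so it would also help to state in a comment why &prison0 is the right prison for a GSS-derived credential built from uc->uid and uc->gid.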