On 10 July 2010 08:33, Nicolas Thery <[email protected]> wrote:
> I reproduced the bug and I'm giving it a look.
> Cheers,
> Nicolas
>
> On 2 July 2010 19:27, Tero Jaasko
> <[email protected]> wrote:
>>
>> Hello,
>> I am getting a "Fatal trap 12: page fault while in kernel mode" -panic on
>> a samba mount command, e.g.
>> "mount_smbfs -I 192.168.0.195 //[email protected]/share /mnt/share/".
[...]
>> There seems to be a problem in prison_replace_wildcards() at
>> sys/kern/kern_jail.c:, as the given "td->td_ucred" is NULL. The attached
>> kgdb.txt contains my attempt at debugging the situation.
>>
>> The panic is 100% reproducible on my system and I have a few kernel dumps
>> from the situation, if somebody needs them. I have attached a band-aid kind
>> of patch, which seems to work, at least with it the samba works as expected,
>> but perhaps it is not a correct solution.

td is a samba kernel thread created in smb_iod_create() by calling kthread_create_compat(), which according to its comment is used only for samba.

kthread_create_compat() forks process 0, so the resulting kernel thread is a bit different from other kernel threads: td->td_ucred == NULL but td->td_proc != NULL (it points to the forked process).

This explains why the td_proc == NULL check at the beginning of prison_replace_wildcards(), which is presumably there for detecting kernel threads, fails.

prison_remote_ip() already checks if td_ucred != NULL before dereferencing it, so your patch looks good and I committed it.

In the longer term, changing samba to create a lwkt is probably the way to go.

Thanks for reporting this issue and fixing it.
