On Fri, 25 Sep 2009, Jamie Gritton wrote:

It seems to be NFS related. I think the null pointer in question is from the export's anonymous credential. Try the patch below and see if it helps (which I guess means run it overnight and see if it crashes again). I've also patched a similar missing cred prison in GSS_SVC, since I'm not versed enough in NFS/RPC stuff to know if it might be the problem.

This is one of the reasons I really dislike "magic" credentials and special handling of NULL credentials -- they always get into code the author doesn't expect, and either there are bad pointer dereferences, or incorrect security decisions. It's almost always the case that a correct credential should have been cached or generated at some earlier point to represent the security context...

Robert


- Jamie


Index: kern/vfs_export.c
===================================================================
--- kern/vfs_export.c   (revision 197506)
+++ kern/vfs_export.c   (working copy)
@@ -122,6 +122,8 @@
                np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
                crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
                    argp->ex_anon.cr_groups);
+               np->netc_anon->cr_prison = &prison0;
+               prison_hold(np->netc_anon->cr_prison);
                np->netc_numsecflavors = argp->ex_numsecflavors;
                bcopy(argp->ex_secflavors, np->netc_secflavors,
                    sizeof(np->netc_secflavors));
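Review bot: the prison is hard-wired to `&prison0` when the anonymous credential is built, so an export configured from inside a jail would still carry the host prison; if exports can be set from a jailed mountd, consider taking the prison from the calling thread's credential (`curthread->td_ucred->cr_prison`) rather than `prison0`. Also confirm that the `crfree()` path for `np->netc_anon` drops the reference taken by `prison_hold()` here, otherwise every export (re)configuration leaks one prison reference.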
@@ -206,6 +208,8 @@
        np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
        crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
            np->netc_anon->cr_groups);
+       np->netc_anon->cr_prison = &prison0;
+       prison_hold(np->netc_anon->cr_prison);
        np->netc_numsecflavors = argp->ex_numsecflavors;
        bcopy(argp->ex_secflavors, np->netc_secflavors,
            sizeof(np->netc_secflavors));
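Review bot: the unchanged context line `crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups, np->netc_anon->cr_groups)` passes the credential's own `cr_groups` as the source, while the first hunk passes `argp->ex_anon.cr_groups`; this is not introduced by the patch, but it is worth checking whether the default-export path was meant to copy the groups from `argp` as well. The two added lines are an exact copy of the first hunk; a small helper that sets uid, groups and prison on the anonymous credential in one place would keep the two sites from drifting apart.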
Index: rpc/rpcsec_gss/svc_rpcsec_gss.c
===================================================================
--- rpc/rpcsec_gss/svc_rpcsec_gss.c     (revision 197506)
+++ rpc/rpcsec_gss/svc_rpcsec_gss.c     (working copy)
@@ -449,6 +449,8 @@
        cr->cr_uid = cr->cr_ruid = cr->cr_svuid = uc->uid;
        cr->cr_rgid = cr->cr_svgid = uc->gid;
        crsetgroups(cr, uc->gidlen, uc->gidlist);
+       cr->cr_prison = &prison0;
+       prison_hold(cr->cr_prison);
        *crp = crhold(cr);

        return (TRUE);
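Review bot: same hard-wired `&prison0` as in vfs_export.c; for RPCSEC_GSS the credential is built from the client-supplied `uc` fields, so a short comment explaining why the host prison is the right security context (or deriving it from the server thread's credential instead) would help the next reader. Since `*crp = crhold(cr)` follows, the new `prison_hold()` must stay paired with the `crfree()` that eventually releases `cr`, so the prison reference count balances.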
_______________________________________________
freebsd-curr...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"