On Fri, 25 Sep 2009, Jamie Gritton wrote:
It seems to be NFS related. I think the null pointer in question is from the export's anonymous credential. Try the patch below and see if it helps (which I guess means run it overnight and see if it crashes again). I've also patched a similar missing cred prison in GSS_SVC, since I'm not versed enough in NFS/RPC stuff to know if it might be the problem.
This is one of the reasons I really dislike "magic" credentials and special handling of NULL credentials -- they always get into code the author doesn't expect, and either there are bad pointer dereferences, or incorrect security decisions. It's almost always the case that a correct credential should have been cached or generated at some earlier point to represent the security context...
Robert
- Jamie Index: kern/vfs_export.c =================================================================== --- kern/vfs_export.c (revision 197506) +++ kern/vfs_export.c (working copy) @@ -122,6 +122,8 @@ np->netc_anon->cr_uid = argp->ex_anon.cr_uid; crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups, argp->ex_anon.cr_groups); + np->netc_anon->cr_prison = &prison0; + prison_hold(np->netc_anon->cr_prison); np->netc_numsecflavors = argp->ex_numsecflavors; bcopy(argp->ex_secflavors, np->netc_secflavors, sizeof(np->netc_secflavors)); @@ -206,6 +208,8 @@ np->netc_anon->cr_uid = argp->ex_anon.cr_uid; crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups, np->netc_anon->cr_groups); + np->netc_anon->cr_prison = &prison0; + prison_hold(np->netc_anon->cr_prison); np->netc_numsecflavors = argp->ex_numsecflavors; bcopy(argp->ex_secflavors, np->netc_secflavors, sizeof(np->netc_secflavors)); Index: rpc/rpcsec_gss/svc_rpcsec_gss.c =================================================================== --- rpc/rpcsec_gss/svc_rpcsec_gss.c (revision 197506) +++ rpc/rpcsec_gss/svc_rpcsec_gss.c (working copy) @@ -449,6 +449,8 @@ cr->cr_uid = cr->cr_ruid = cr->cr_svuid = uc->uid; cr->cr_rgid = cr->cr_svgid = uc->gid; crsetgroups(cr, uc->gidlen, uc->gidlist); + cr->cr_prison = &prison0; + prison_hold(cr->cr_prison); *crp = crhold(cr); return (TRUE); _______________________________________________ freebsd-curr...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
_______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"