Re: Kernel panic when accessing ZFS-Filesystem via NFS

From: Doug Rabson <dfr_at_rabson.org>
Date: Thu, 4 Jun 2009 08:34:30 +0100
On 3 Jun 2009, at 20:42, Bjoern A. Zeeb wrote:

> On Wed, 3 Jun 2009, Wesley Shields wrote:
>
> Hi,
>
>>>>> ...
>
>> [ The panic message and backtrace from ddb is at
>> http://people.freebsd.org/~wxs/crash.txt ]
>>
> ...
>> cred->cr_prison is null? It is my understanding that when not jailed
>> cred->cr_prison should be &prison0 with the new hierarchical jails.  
>> The
>> fact that it is null is causing prison_priv_check to enter the switch
>> statement, leading to the crash.
>>
>> I'm not sure why cred->cr_prison is null in this case.
>
> The question here is not if  cred->cr_prison can be null but where is
> the cred coming from?
>
> If you look at init_main.c around lines 440 - 457 you'll find prison0
> being further initialized (cpuset) and p_ucred->cr_prison being set to
> &prsion0. And a bit further down in l470 td_ucred is initialized from
> that. cr_prison should thus always be setup.
>
> What you are looking at above looks like a crget() with only
> cr_ngroups updated.
>
> [removing a lot more text as I was going on debugging in a very small
> window]
>
> I would start looking at svc_getcred() and blame at least the
> AUTH_UNIX case;  end of rpc/svc_auth.c.  This looks like a big NO-NO.
> I am pretty sure I'd also want to audit svc_rpc_gss(), just in case.

The NFS server is creating a ucred which describes the privileges to  
be given to the remote user. What is the correct way to do this and  
where can I read the documentation?
Received on Thu Jun 04 2009 - 05:35:02 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:49 UTC