On 3/8/2021 7:20 PM, Benjamin Kaduk ([email protected]) wrote:
On Mon, Mar 08, 2021 at 07:35:19PM +0000, Martin Kelly wrote:

Below is the LKML LSM thread regarding this. Please let me know if you have any other questions:

https://www.spinics.net/lists/linux-security-module/msg39081.html
https://www.spinics.net/lists/linux-security-module/msg39083.html

Thanks for spotting this thread and the quick follow-up.

This is the same thread that Yadav discussed with the openafs-release team on 11 Dec 2020.
I suspect that the changes at https://gerrit.openafs.org/#/c/13751/ are going to be relevant in this space, but without seeing the stack trace of the crash in question it's hard to be sure. Can you speak to whether this is touching the "right" part of the code with respect to the crashes you were investigating?
The suggested change was cherry-picked to openafs-stable-1_8_x as https://gerrit.openafs.org/14082 and merged as ee578e92d9f810d93659a9805d0c12084fe2bb95.
As Jonathan wrote to IRC OpenAFS:

> (4:53:15 PM) billings: I built openafs from the latest commit in
> 1_8_x and crowdstrike still panics, so it doesn't look like any
> merged commits there fix my issue.

Martin's e-mail describes the call pattern:

> - A process exits, calling task_exit().

I think Martin meant do_exit().

> - exit_fs() is called, setting current->fs = NULL.

task_struct field struct fs_struct *fs;

> - Next, exit_task_work() is called,

exit_task_work() calls task_work_run() which flushes any pending works.

> which calls fput().

which must have been called by a pending work.

> - In response to the fput(), the filesystem opens a file disk cache
> to update some metadata, calling dentry_open().

dentry_open() in turn will trigger a call to any configured LSM. If task_struct.fs is NULL, Kaboom!!!

Jeffrey Altman
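The call pattern walked through in the message above, as an added userspace model that is not part of the thread and is neither OpenAFS, CrowdStrike nor kernel code. Every `*_model` name is constructed for illustration, and the hook shown is a hypothetical one that checks `fs` for NULL before using it.

```c
/* Userspace model of the exit-path ordering; constructed names, not kernel code. */
#include <stddef.h>
#include <stdio.h>

struct fs_model   { const char *pwd; };   /* stands in for struct fs_struct */
struct work_model { void (*func)(void); struct work_model *next; };
struct task_model { struct fs_model *fs; struct work_model *works; };
enum hook_result  { HOOK_NOT_CALLED, HOOK_OK, HOOK_NO_FS };

static struct task_model *current_task;   /* stands in for `current` */
static enum hook_result last_hook;

/* Hypothetical LSM file-open hook that checks fs before dereferencing it. */
static enum hook_result lsm_file_open_model(void)
{
    if (current_task->fs == NULL)         /* task is already past exit_fs() */
        return HOOK_NO_FS;
    return current_task->fs->pwd ? HOOK_OK : HOOK_NO_FS;
}

/* dentry_open() stand-in: every open reaches the configured hook. */
static void dentry_open_model(void) { last_hook = lsm_file_open_model(); }

/* Pending work ending in fput(): the filesystem opens its disk cache file. */
static void deferred_fput_model(void) { dentry_open_model(); }

/* task_work_run() stand-in: flush all pending work items. */
static void task_work_run_model(struct task_model *t)
{
    while (t->works) {
        struct work_model *w = t->works;
        t->works = w->next;
        w->func();
    }
}

/* exiting != 0 follows the do_exit() order: exit_fs(), then exit_task_work(). */
enum hook_result run_model(int exiting)
{
    struct fs_model fs = { "/" };
    struct work_model w = { deferred_fput_model, NULL };
    struct task_model t = { &fs, &w };
    current_task = &t;
    last_hook = HOOK_NOT_CALLED;
    if (exiting)
        t.fs = NULL;                      /* exit_fs(): current->fs = NULL */
    task_work_run_model(&t);              /* exit_task_work() */
    return last_hook;
}

int main(void) { printf("live=%d exiting=%d\n", run_model(0), run_model(1)); return 0; }
```

The same deferred work item reaches the hook in both runs; only in the exiting run does the hook see a NULL `fs`, which is the state an unguarded dereference would crash on.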
