With the recent changes for:
PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris
4994017 data structure sharing between rpcbind and libnsl leads to accidents
6549510 Need the ability to store SIDs in the Solaris cred_t
6549515 PSARC 2007/064: uid_t and gid_t to become unsigned
the opensolaris kernel now panics with a simple file copy from a pcfs
filesystem: cp /path/to/a/file/on/a/pcfs/filesystem /tmp, e.g.
cp /media/MightyDrive/onnv-gate.hg /tmp
panic[cpu1]/thread=fffffffed5952da0:
BAD TRAP: type=e (#pf Page fault) rp=ffffff0005108b40 addr=68 occurred in module
"genunix" due to a NULL pointer dereference
nautilus:
#pf Page fault
Bad kernel fault at addr=0x68
pid=723, pc=0xfffffffffb94c71c, sp=0xffffff0005108c30, eflags=0x10286
cr0: 8005003b<pg,wp,ne,et,ts,mp,pe> cr4: 6f8<xmme,fxsr,pge,mce,pae,pse,de>
cr2: 68 cr3: 2015000 cr8: c
rdi: 0 rsi: 0 rdx: 0
rcx: 10000 r8: 0 r9: fffffffed63fa780
rax: 0 rbx: 10000 rbp: ffffff0005108c40
r10: 0 r11: fffffffed5952da0 r12: 0
r13: 0 r14: fffffffeda2ea440 r15: fffffffed9d62080
fsb: 0 gsb: fffffffec1611800 ds: 4b
es: 4b fs: 0 gs: 1c3
trp: e err: 0 rip: fffffffffb94c71c
cs: 30 rfl: 10286 rsp: ffffff0005108c30
ss: 0
ffffff0005108a20 unix:die+c8 ()
ffffff0005108b30 unix:trap+135b ()
ffffff0005108b40 unix:cmntrap+e9 ()
ffffff0005108c40 genunix:crgetmapped+c ()
ffffff0005108ca0 genunix:fop_putpage+4a ()
ffffff0005108cd0 pcfs:syncpcp+3f ()
ffffff0005108d10 pcfs:pc_rele+88 ()
ffffff0005108d50 pcfs:pcfs_inactive+a7 ()
ffffff0005108d90 genunix:fop_inactive+b4 ()
ffffff0005108dc0 genunix:vn_rele+5c ()
ffffff0005108e00 genunix:closef+6e ()
ffffff0005108ea0 genunix:closeandsetf+458 ()
ffffff0005108ec0 genunix:close+14 ()
ffffff0005108f10 unix:brand_sys_syscall32+1a3 ()
syncing file systems...
2
done
dumping to /dev/dsk/c1d0s1, offset 431030272, content: kernel
> $c
crgetmapped+0xc(0)
fop_putpage+0x4a(fffffffeda2ea440, 0, 0, 10000, 0)
syncpcp+0x3f(fffffffeda085ae0, 10000)
pc_rele+0x88(fffffffeda085ae0)
pcfs_inactive+0xa7(fffffffeda2ea440, fffffffed4ccb538)
fop_inactive+0xb4(fffffffeda2ea440, fffffffed4ccb538)
vn_rele+0x5c(fffffffeda2ea440)
closef+0x6e(fffffffed37a1038)
closeandsetf+0x458(16, 0)
close+0x14(16)
sys_syscall32+0x101()
> crgetmapped::dis
crgetmapped: pushq %rbp
crgetmapped+1: movq %rsp,%rbp
crgetmapped+4: subq $0x10,%rsp
crgetmapped+8: movq %rdi,-0x8(%rbp)
crgetmapped+0xc: movq 0x68(%rdi),%r9 <<<<<<<<<<<<<<<<<<<<<<<<
crgetmapped+0x10: testq %r9,%r9
crgetmapped+0x13: je +0x3b <crgetmapped+0x50>
crgetmapped+0x15: xorl %ecx,%ecx
crgetmapped+0x17: xorq %r8,%r8
crgetmapped+0x1a: movq +0x326d0f(%rip),%rax <ephemeral_data+0x10>
crgetmapped+0x21: cmpl $0x7fffffff,0x8(%r9,%r8)
crgetmapped+0x2a: ja +0x27 <crgetmapped+0x53>
crgetmapped+0x2c: addq $0x18,%r8
crgetmapped+0x30: incl %ecx
crgetmapped+0x32: cmpl $0x3,%ecx
crgetmapped+0x35: jl -0x16 <crgetmapped+0x21>
crgetmapped+0x37: movq 0x50(%r9),%r8
crgetmapped+0x3b: testq %r8,%r8
crgetmapped+0x3e: je +0x10 <crgetmapped+0x50>
crgetmapped+0x40: cmpl $0x0,0x8(%r8)
crgetmapped+0x45: jbe +0x9 <crgetmapped+0x50>
crgetmapped+0x47: movq +0x326ce2(%rip),%rax <ephemeral_data+0x10>
crgetmapped+0x4e: jmp +0x3 <crgetmapped+0x53>
crgetmapped+0x50: movq %rdi,%rax
crgetmapped+0x53: leave
crgetmapped+0x54: ret
pc_rele() calls syncpcp(), which calls fop_putpage() with a NULL cred_t?
usr/src/uts/common/os/cred.c, crgetmapped() might have to handle a
NULL cred_t arg?
/*
 * If the credential contains any ephemeral IDs, map the credential
 * to nobody.
 */
cred_t *
crgetmapped(const cred_t *cr)
{
	/* faults here when cr == NULL; see crgetmapped+0xc above */
	if (cr->cr_ksid != NULL) {
		int i;
		for (i = 0; i < KSID_COUNT; i++)
			if (cr->cr_ksid->kr_sidx[i].ks_id > MAXUID)
				return (ephemeral_data.nobody);
		if (cr->cr_ksid->kr_sidlist != NULL &&
		    cr->cr_ksid->kr_sidlist->ksl_neid > 0) {
			return (ephemeral_data.nobody);
		}
	}
	return ((cred_t *)cr);
}
Or the VOPXID_MAP_CR macro in usr/src/uts/common/fs/vnode.c has to
handle the NULL cr; it shouldn't call crgetmapped() when cr == NULL?
_______________________________________________
ufs-discuss mailing list
[email protected]
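The two fixes the post floats (a NULL guard inside crgetmapped(), or a guard in the VOPXID_MAP_CR caller so crgetmapped() is never reached with a NULL cr) side by side, as an added example that is not code from the post, the kernel, or the ON gate. The struct layouts, the nobody uid, the vfs flag tested by the macro, and the helper names are assumptions made for illustration; only the KSID_COUNT loop, the MAXUID comparison and the kr_sidlist check mirror the crgetmapped() quoted above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed stand-ins for the kernel types, reduced to the fields the
 * quoted crgetmapped() touches. Layouts and the nobody uid are assumptions.
 */
#define KSID_COUNT 3
#define MAXUID     0x7fffffffU	/* the cmpl $0x7fffffff in the disassembly */

typedef struct ksid     { uint32_t ks_id; }		ksid_t;
typedef struct ksidlist { int ksl_neid; }		ksidlist_t;
typedef struct credsid  { ksid_t kr_sidx[KSID_COUNT];
			  ksidlist_t *kr_sidlist; }	credsid_t;
typedef struct cred     { uint32_t cr_uid;		/* unsigned per PSARC 2007/064 */
			  credsid_t *cr_ksid; }		cred_t;

/* Stand-in for ephemeral_data.nobody; uid 60001 is an assumption. */
static cred_t nobody_cred = { 60001, NULL };

/*
 * Fix candidate 1: crgetmapped() with a NULL guard. A NULL cred is passed
 * through untouched instead of being dereferenced at cr->cr_ksid, which is
 * the load at crgetmapped+0xc that faulted. Hypothetical, not the gate's fix.
 */
cred_t *
crgetmapped_guarded(const cred_t *cr)
{
	if (cr == NULL)
		return (NULL);
	if (cr->cr_ksid != NULL) {
		int i;
		for (i = 0; i < KSID_COUNT; i++)
			if (cr->cr_ksid->kr_sidx[i].ks_id > MAXUID)
				return (&nobody_cred);
		if (cr->cr_ksid->kr_sidlist != NULL &&
		    cr->cr_ksid->kr_sidlist->ksl_neid > 0)
			return (&nobody_cred);
	}
	return ((cred_t *)cr);
}

/*
 * Fix candidate 2: the caller-side guard, shaped like a VOPXID_MAP_CR-style
 * macro. `vfs_has_xid` stands in for whatever flag the real macro tests
 * (assumption); with cr == NULL it never calls crgetmapped() at all.
 */
#define MAP_CR_GUARDED(vfs_has_xid, cr) \
	(((cr) != NULL && (vfs_has_xid)) ? crgetmapped_guarded(cr) : (cred_t *)(cr))

/*
 * Simulates the panic's call chain pc_rele -> syncpcp ->
 * fop_putpage(vp, 0, 0, 0x10000, NULL): returns the cred the underlying
 * VOP_PUTPAGE would be handed, NULL included.
 */
cred_t *
fop_putpage_sim(int vfs_has_xid, cred_t *cr)
{
	return (MAP_CR_GUARDED(vfs_has_xid, cr));
}

int
main(void)
{
	/* constructed creds: a plain uid and one carrying an ephemeral id */
	credsid_t eph = { { { 1000 }, { 0x80000001U }, { 0 } }, NULL };
	cred_t user = { 1000, NULL };
	cred_t ephem = { 1000, &eph };

	printf("NULL cred      -> %p\n", (void *)fop_putpage_sim(1, NULL));
	printf("plain cred     -> uid %u\n", fop_putpage_sim(1, &user)->cr_uid);
	printf("ephemeral cred -> uid %u\n", fop_putpage_sim(1, &ephem)->cr_uid);
	return (0);
}
```

Either guard stops the #pf, but they are not equivalent: the in-function guard protects every caller of crgetmapped(), while the macro-side guard only protects the vnode.c path and leaves the NULL cred to reach the filesystem's VOP, which is what syncpcp() was doing before the credential changes anyway.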