Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 293593

Summary: net-fs/nfs-utils-1.2.0 rpc.gssd segfaults during nfs4 mount with krb5 security
Product: Gentoo Linux Reporter: Florian Manschwetus <FlorianManschwetus>
Component: [OLD] UnspecifiedAssignee: Network Filesystems <net-fs>
Status: RESOLVED FIXED    
Severity: normal CC: flameeyes, kerberos, malte.swart, matare
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Florian Manschwetus 2009-11-18 08:01:17 UTC
Syslog:
Nov 18 08:52:15 digilib kernel: rpc.gssd[7296]: segfault at 1 ip 00007fd13c53592e sp 00007fff7f8b0b38 error 4 in libgssglue.so.1.0.0[7fd13c532000+8000]

# rpc.gssd -fnrrrvvv
Warning: rpcsec_gss library does not support setting debug level
beginning poll
handling krb5 upcall
getting credentials for client with uid 0 for server janus.some.realm.de
CC file '/tmp/krb5cc_10219_C21016' being considered, with preferred realm 'SOME.REALM.DE'
CC file '/tmp/krb5cc_10219_C21016' owned by 10219, not 0
CC file '/tmp/krb5cc_0' being considered, with preferred realm 'SOME.REALM.DE'
CC file '/tmp/krb5cc_0'(host/digilib.some.realm.de@SOME.REALM.DE) passed all checks and has mtime of 1258528201
using FILE:/tmp/krb5cc_0 as credentials cache for client with uid 0 for server janus.some.realm.de
using environment variable to select krb5 ccache FILE:/tmp/krb5cc_0
creating context using fsuid 0 (save_uid 0)
segfault

# mount -t nfs4 -vvv -o sec=krb5 janus:/export/data /mnt/cdrom/
mount: fstab path: "/etc/fstab"
mount: mtab path:  "/etc/mtab"
mount: lock path:  "/etc/mtab~"
mount: temp path:  "/etc/mtab.tmp"
mount: UID:        0
mount: eUID:       0
mount: spec:  "janus:/export/data"
mount: node:  "/mnt/cdrom/"
mount: types: "nfs4"
mount: opts:  "sec=krb5"
mount: external mount: argv[0] = "/sbin/mount.nfs4"
mount: external mount: argv[1] = "janus:/export/data"
mount: external mount: argv[2] = "/mnt/cdrom/"
mount: external mount: argv[3] = "-v"
mount: external mount: argv[4] = "-o"
mount: external mount: argv[5] = "rw,sec=krb5"
mount.nfs4: timeout set for Wed Nov 18 08:59:19 2009
mount.nfs4: trying text-based options 'sec=krb5,addr=192.168.163.80,clientaddr=192.168.163.91'
mount.nfs4: mount(2): Broken pipe
mount.nfs4: Broken pipe

# emerge --info
=================================================================                           
System uname: Linux-2.6.31-gentoo-r1-x86_64-Intel-R-_Xeon-R-_CPU_E5440_@_2.83GHz-with-gentoo-2.0.1                                                                                      
Timestamp of tree: Mon, 16 Nov 2009 12:45:01 +0000                                          
ccache version 2.4 [enabled]                                                                
app-shells/bash:     4.0_p35                                                                
dev-java/java-config: 1.3.7, 2.1.9-r1                                                       
dev-lang/python:     2.5.4-r3, 2.6.4, 3.1.1-r1                                              
dev-python/pycrypto: 2.0.1-r6                                                               
dev-util/ccache:     2.4-r8                                                                 
sys-apps/baselayout: 2.0.1                                                                  
sys-apps/openrc:     0.5.2-r2                                                               
sys-apps/sandbox:    2.2                                                                    
sys-devel/autoconf:  2.63-r1                                                                
sys-devel/automake:  1.7.9-r1, 1.9.6-r2, 1.10.2, 1.11                                       
sys-devel/binutils:  2.20                                                                   
sys-devel/gcc-config: 1.4.1                                                                 
sys-devel/libtool:   2.2.6a                                                                 
virtual/os-headers:  2.6.30-r1                                                              
ACCEPT_KEYWORDS="amd64 ~amd64"                                                              
ACCEPT_LICENSE="*"                                                                          
CBUILD="x86_64-pc-linux-gnu"                                                                
CFLAGS="-O2 -march=core2 -msse4.1 -pipe -fomit-frame-pointer"                               
CHOST="x86_64-pc-linux-gnu"                                                                 
CONFIG_PROTECT="/etc"                                                                       
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"                               
CXXFLAGS="-O2 -march=core2 -msse4.1 -pipe -fomit-frame-pointer"                             
DISTDIR="/usr/portage/distfiles"                                                            
FEATURES="assume-digests ccache distlocks fixpackages news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"                    
GENTOO_MIRRORS="http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/"                 
LANG="de_DE.UTF-8"                                                                          
LC_ALL="de_DE.UTF-8"                                                                        
LDFLAGS="-Wl,-O1"                                                                           
LINGUAS="de"                                                                                
MAKEOPTS="-j20 -l2"                                                                         
PKGDIR="/usr/portage/packages"                                                              
PORTAGE_CONFIGROOT="/"                                                                      
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"                                                                                      
PORTAGE_TMPDIR="/var/tmp"                                                                   
PORTDIR="/usr/portage"                                                                      
PORTDIR_OVERLAY="/usr/local/portage"                                                        
SYNC="rsync://rsync1.de.gentoo.org/gentoo-portage"
USE="X509 acl acpi ads afs amd64 apache2 automount bash-completion berkdb branding bzip2 chroot cli cracklib crypt custom-cflags dbus dhcp directfb eap-tls epson foomaticdb fortran gdbm gif gnutls gpg gpm hal iconv imagemagick imap innodb ipv6 jpeg jpeg2k kerberos ldap ldap-sasl logrotate lzo memlimit mime mmx mmxext mng mod_muc modules mudflap multilib multiprocess mysql mysqli ncurses nfs nls nptl nptlonly odbc openmp openssl opensslcrypt overlays pam pam_chroot pcre pdf perl php png postgres ppds pppd python quotas radius rar rdesktop readline reflection resolvconf samba sasl session smp spl sse sse2 ssl svg svgz svnserve swat sysfs syslog szip tcpd threads tidy tiff unicode unzip upnp userlocales vhosts vram web webdav winbind wmf xinetd xml xmlwriter zeroconf zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Florian Manschwetus 2009-11-18 08:15:58 UTC
I retested three times:
Nov 18 08:52:15 digilib kernel: rpc.gssd[7296]: segfault at 1 ip 00007fd13c53592e sp 00007fff7f8b0b38 error 4 in libgssglue.so.1.0.0[7fd13c532000+8000]
Nov 18 08:57:19 digilib kernel: rpc.gssd[7616]: segfault at 1 ip 00007ff431db292e sp 00007fff3a1f2558 error 4 in libgssglue.so.1.0.0[7ff431daf000+8000]
Nov 18 08:58:38 digilib kernel: rpc.gssd[7720]: segfault at 1 ip 00007faefe4b992e sp 00007fff208714c8 error 4 in libgssglue.so.1.0.0[7faefe4b6000+8000]
Comment 2 SpanKY gentoo-dev 2009-12-04 09:17:41 UTC
dont suppose 1.2.1 fares any better ?
Comment 3 Malte Swart 2009-12-04 21:38:44 UTC
same problem with net-fs/nfs-utils-1.2.1 USE="kerberos nfsv4 tcpd -ipv6 -nfsv3":
kernel: [  304.942334] rpc.gssd[1670]: segfault at 1 ip 00006c12e7db8ac4 sp 00007832d36526c8 error 4 in libgssglue.so.1.0.0[6c12e7db5000+8000]

mounting without kerberos works correctly.

emerge --info (server+client):
Portage 2.2_rc55 (hardened/linux/amd64/10.0, gcc-4.3.4, glibc-2.9_p20081201-r2, 2.6.29-hardened-20091120 x86_64)
=================================================================
System uname: Linux-2.6.29-hardened-20091120-x86_64-QEMU_Virtual_CPU_version_0.10.50-with-gentoo-2.0.1
Timestamp of tree: Fri, 04 Dec 2009 18:00:01 +0000
app-shells/bash:     4.0_p28
dev-lang/python:     2.6.4
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.5.3
sys-apps/sandbox:    2.2
sys-devel/autoconf:  2.63-r1
sys-devel/automake:  1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=amdfam10 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=amdfam10 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests distlocks fixpackages news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://de-mirror.org/distro/gentoo http://distfiles.gentoo.org"
LDFLAGS="-Wl,-O1"
LINGUAS="en"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl amd64 bash-completion berkdb bzip2 cli cracklib crypt cups cxx dri gdbm gpm hardened iconv justify kerberos mmx modules mudflap multilib ncurses nls nptl nptlonly openmppam pcre pic pppd python readline reflection ruby session spl sse sse2 ssl sysfs tcpd unicode urandom utf8 vim-syntax xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 4 Loren M. Lang 2010-01-23 03:10:48 UTC
I am having the same issue with nfs-utils-1.2.[01], libgssglue-0.1-r1, mit-krb5-1.6.3-r6 and libtirpc-0.1.10.  Attempting to use and krb5 security flavor with nfs or nfs4 causes a seg fault in rpc.gssd.

Program received signal SIGSEGV, Segmentation fault.
0xb7dd596d in __gss_get_mechanism_cred (union_cred=0x8436f38, mech_type=0x805524c) at g_glue.c:295
295		if (g_OID_equal(mech_type, &union_cred->mechs_array[i]))
(gdb) bt
#0  0xb7dd596d in __gss_get_mechanism_cred (union_cred=0x8436f38, mech_type=0x805524c) at g_glue.c:295
#1  0xb7dd8bb1 in gss_set_allowable_enctypes (minor_status=0xbff4bd4c, cred_handle=0x8436f38, mech_type=0x805524c, num_ktypes=3, ktypes=0xbff4bd34)
    at g_set_allowable_enctypes.c:68
#2  0x0804e389 in limit_krb5_enctypes (sec=0xbff4c1a4, uid=0) at krb5_util.c:335
#3  0x0804d4c8 in create_auth_rpc_client (clp=0x8435e78, clnt_return=0xbff4c21c, auth_return=0xbff4c218, uid=0, authtype=0) at gssd_proc.c:711
#4  0x0804da27 in handle_krb5_upcall (clp=0x8435e78) at gssd_proc.c:860
#5  0x0804bb90 in scan_poll_results (ret=1) at gssd_main_loop.c:81
#6  0x0804be39 in gssd_run () at gssd_main_loop.c:151
#7  0x0804bade in main (argc=2, argv=0xbff4c484) at gssd.c:193
294	    for (i=0; i < union_cred->count; i++) {
295		if (g_OID_equal(mech_type, &union_cred->mechs_array[i]))
296		    return union_cred->cred_array[i];
297	    }

Examining union_cred, the count is 138637112 and many other values look wrong.  Previously, union_cred was type-casted from gss_cred_id_t to gss_union_cred_t.  The original value came from a call to gss_acquire_cred().  Setting a breakpoint on that call and examining it's return shows  gss_acquire_cred() returns with major and minor status of 0, a desired_mech that looks reasonable, but the sixth argument which become union_cred above looks wrong after casting to gss_union_cred_t.
Comment 5 Victor Mataré 2010-05-05 00:52:45 UTC
maybe related (or identical) to this?
http://linux-nfs.org/pipermail/nfsv4/2010-March/012282.html
Comment 6 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-07-23 01:12:42 UTC
YAI! I positively adore abi breakage, grml..
Comment 7 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-07-23 01:50:50 UTC
Okay one problem was a bug in nfs-utils which I fixed in tree now and tomorrow if I have time will send upstream (if Mike does not beat me to it). To be on the safe side I'll also be kicking away the .la from libtirpc.
Comment 8 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-07-23 02:03:02 UTC
This is fixed with nfs-utils 1.2.2-r2 and libtirpc-0.2.1. HTH!
Comment 9 SpanKY gentoo-dev 2010-07-23 03:26:48 UTC
you didnt say what you actually changed
Comment 10 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-07-23 03:41:24 UTC
Dropped the .la file from libtirpc (otherwise libtool screws up the order of linking), and fixed nfs-utils to actually link libgssglue (it was a stupid typo on the configure.ac file). Patched up and works.

By chance, and pure luck, since it _relies_ on symbol collisions.

But what the heck, I don't have to fix the world, just make it work ;)