Summary: | net-fs/nfs-utils-1.2.0 rpc.gssd segfaults during nfs4 mount with krb5 security | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Florian Manschwetus <manschwetus> |
Component: | [OLD] Unspecified | Assignee: | Network Filesystems <net-fs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | flameeyes, kerberos, malte.swart, vmatare+gbug |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Florian Manschwetus
2009-11-18 08:01:17 UTC
I retested three times: Nov 18 08:52:15 digilib kernel: rpc.gssd[7296]: segfault at 1 ip 00007fd13c53592e sp 00007fff7f8b0b38 error 4 in libgssglue.so.1.0.0[7fd13c532000+8000] Nov 18 08:57:19 digilib kernel: rpc.gssd[7616]: segfault at 1 ip 00007ff431db292e sp 00007fff3a1f2558 error 4 in libgssglue.so.1.0.0[7ff431daf000+8000] Nov 18 08:58:38 digilib kernel: rpc.gssd[7720]: segfault at 1 ip 00007faefe4b992e sp 00007fff208714c8 error 4 in libgssglue.so.1.0.0[7faefe4b6000+8000] dont suppose 1.2.1 fares any better ? same problem with net-fs/nfs-utils-1.2.1 USE="kerberos nfsv4 tcpd -ipv6 -nfsv3": kernel: [ 304.942334] rpc.gssd[1670]: segfault at 1 ip 00006c12e7db8ac4 sp 00007832d36526c8 error 4 in libgssglue.so.1.0.0[6c12e7db5000+8000] mounting without kerberos works correctly. emerge --info (server+client): Portage 2.2_rc55 (hardened/linux/amd64/10.0, gcc-4.3.4, glibc-2.9_p20081201-r2, 2.6.29-hardened-20091120 x86_64) ================================================================= System uname: Linux-2.6.29-hardened-20091120-x86_64-QEMU_Virtual_CPU_version_0.10.50-with-gentoo-2.0.1 Timestamp of tree: Fri, 04 Dec 2009 18:00:01 +0000 app-shells/bash: 4.0_p28 dev-lang/python: 2.6.4 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.5.3 sys-apps/sandbox: 2.2 sys-devel/autoconf: 2.63-r1 sys-devel/automake: 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=amdfam10 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-march=amdfam10 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests distlocks fixpackages news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch" GENTOO_MIRRORS="http://de-mirror.org/distro/gentoo http://distfiles.gentoo.org" LDFLAGS="-Wl,-O1" LINGUAS="en" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="acl amd64 bash-completion berkdb bzip2 cli cracklib crypt cups cxx dri gdbm gpm hardened iconv justify kerberos mmx modules mudflap multilib ncurses nls nptl nptlonly openmppam pcre pic pppd python readline reflection ruby session spl sse sse2 ssl sysfs tcpd unicode urandom utf8 vim-syntax xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY I am having the same issue with nfs-utils-1.2.[01], libgssglue-0.1-r1, mit-krb5-1.6.3-r6 and libtirpc-0.1.10. Attempting to use and krb5 security flavor with nfs or nfs4 causes a seg fault in rpc.gssd. Program received signal SIGSEGV, Segmentation fault. 0xb7dd596d in __gss_get_mechanism_cred (union_cred=0x8436f38, mech_type=0x805524c) at g_glue.c:295 295 if (g_OID_equal(mech_type, &union_cred->mechs_array[i])) (gdb) bt #0 0xb7dd596d in __gss_get_mechanism_cred (union_cred=0x8436f38, mech_type=0x805524c) at g_glue.c:295 #1 0xb7dd8bb1 in gss_set_allowable_enctypes (minor_status=0xbff4bd4c, cred_handle=0x8436f38, mech_type=0x805524c, num_ktypes=3, ktypes=0xbff4bd34) at g_set_allowable_enctypes.c:68 #2 0x0804e389 in limit_krb5_enctypes (sec=0xbff4c1a4, uid=0) at krb5_util.c:335 #3 0x0804d4c8 in create_auth_rpc_client (clp=0x8435e78, clnt_return=0xbff4c21c, auth_return=0xbff4c218, uid=0, authtype=0) at gssd_proc.c:711 #4 0x0804da27 in handle_krb5_upcall (clp=0x8435e78) at gssd_proc.c:860 #5 0x0804bb90 in scan_poll_results (ret=1) at gssd_main_loop.c:81 #6 0x0804be39 in gssd_run () at gssd_main_loop.c:151 #7 0x0804bade in main (argc=2, argv=0xbff4c484) at gssd.c:193 294 for (i=0; i < union_cred->count; i++) { 295 if (g_OID_equal(mech_type, &union_cred->mechs_array[i])) 296 return union_cred->cred_array[i]; 297 } Examining union_cred, the count is 138637112 and many other values look wrong. Previously, union_cred was type-casted from gss_cred_id_t to gss_union_cred_t. The original value came from a call to gss_acquire_cred(). Setting a breakpoint on that call and examining it's return shows gss_acquire_cred() returns with major and minor status of 0, a desired_mech that looks reasonable, but the sixth argument which become union_cred above looks wrong after casting to gss_union_cred_t. maybe related (or identical) to this? http://linux-nfs.org/pipermail/nfsv4/2010-March/012282.html YAI! I positively adore abi breakage, grml.. Okay one problem was a bug in nfs-utils which I fixed in tree now and tomorrow if I have time will send upstream (if Mike does not beat me to it). To be on the safe side I'll also be kicking away the .la from libtirpc. This is fixed with nfs-utils 1.2.2-r2 and libtirpc-0.2.1. HTH! you didnt say what you actually changed Dropped the .la file from libtirpc (otherwise libtool screws up the order of linking), and fixed nfs-utils to actually link libgssglue (it was a stupid typo on the configure.ac file). Patched up and works. By chance, and pure luck, since it _relies_ on symbol collisions. But what the heck, I don't have to fix the world, just make it work ;) |