[Bug 235582] rpc_svc_gss / nfsd kernel panic
bugzilla-noreply at freebsd.org
Thu Feb 7 23:35:04 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235582
--- Comment #2 from Peter Eriksson <peter.x.eriksson at liu.se> ---
This is a huge wild chance, but I was looking at the assembler code for the
svc_rpc_gss function at around the offset (0x8f2 = 2290) and it looks like
this:
0xffffffff8286d4bc <svc_rpc_gss+2268>: callq 0xffffffff8286bc50 <rpc_gss_oid_to_mech>
0xffffffff8286d4c1 <svc_rpc_gss+2273>: mov 0x78(%r14),%rsi
0xffffffff8286d4c5 <svc_rpc_gss+2277>: lea -0x38(%rbp),%rdi
0xffffffff8286d4c9 <svc_rpc_gss+2281>: lea -0x70(%rbp),%rdx
0xffffffff8286d4cd <svc_rpc_gss+2285>: callq 0xffffffff828678b0 <gss_export_name>
0xffffffff8286d4d2 <svc_rpc_gss+2290>: test %eax,%eax
0xffffffff8286d4d4 <svc_rpc_gss+2292>: je 0xffffffff8286d932 <svc_rpc_gss+3410>
Looking at the source code in the svc_rpcsec_gss.c file this _might_ correspond
to code in svc_rpc_gss_accept_sec_context() at around line 941:
    client->cl_rawcred.version = RPCSEC_GSS_VERSION;
    rpc_gss_oid_to_mech(mech, &client->cl_rawcred.mechanism);
    maj_stat = gss_export_name(&min_stat, client->cl_cname,
        &export_name);
    if (maj_stat != GSS_S_COMPLETE) {
        rpc_gss_log_status("gss_export_name", client->cl_mech,
            maj_stat, min_stat);
        return (FALSE);
    }
    client->cl_rawcred.client_principal =
        mem_alloc(sizeof(*client->cl_rawcred.client_principal)
            + export_name.length);
    client->cl_rawcred.client_principal->len = export_name.length;
    memcpy(client->cl_rawcred.client_principal->name,
        export_name.value, export_name.length);