[Bug 235582] rpc_svc_gss / nfsd kernel panic
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Feb 9 05:18:39 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235582
Rick Macklem <rmacklem at FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #201858|0 |1
is obsolete| |
--- Comment #7 from Rick Macklem <rmacklem at FreeBSD.org> ---
Created attachment 201862
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=201862&action=edit
updated fix for srv side rpcsec_gss NULL client principal
This is an update to the 201858 patch which does a couple
of printf()s and no KASSERT().
It uses a local clname instead of the one in client->cl_cname
so that any race caused by multiple RPC requests with the same
handle and GSS_S_CONTINUE_INIT will be handled.
(gss_release_name() sets client->cl_cname NULL and that could
have resulted in the crash if multiple RPCs were received and
handled concurrently as above.)
I didn't think that gss_accept_sec_context() ever returned
GSS_S_CONTINUE_INIT for Kerberos mechanism, but I could be
wrong on this and if this does happen and the client erroneously
sends the next token RPC twice, it could try to use client->cl_cname
after it is set NULL by the gss_release_name() for the previous
RPC message.
The printf()s should tell us more about how the NULL cname happens.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-fs
mailing list