From: "J. Bruce Fields" <bfields@fieldses.org>
To: Simo Sorce <simo@redhat.com>
Cc: bfields@redhat.com, linux-nfs@vger.kernel.org
Subject: Re: [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd
Date: Tue, 10 Jul 2012 17:05:11 -0400 [thread overview]
Message-ID: <20120710210511.GB6038@fieldses.org> (raw)
In-Reply-To: <20120710204913.GA6038@fieldses.org>
On Tue, Jul 10, 2012 at 04:49:13PM -0400, bfields wrote:
> On Fri, May 25, 2012 at 06:09:52PM -0400, Simo Sorce wrote:
> > This patchset implements a new upcall mechanism that uses the sunrpc
> > client to talk to gssproxy[1], a new userspace daemon that handles gssapi
> > operations on behalf of other processes on the system.
> >
> > The main driver for this new mechanism is to overcome limitations with
> > the current daemon and upcall. The current code cannot handle tickets
> > larger than approximatively 2k and cannot handle sending back large user
> > credential sets to the kernel.
> >
> > These patches have been tested against the development version of gssproxy
> > tagged as kernel_v0.1 in the master repo[2].
> >
> > I have tested walking into mountpoints using tickets artificially pumped
> > up to 64k and the user is properly authorized, after the accept_se_context
> > call is performed through the new upcall mechanism and gssproxy.
> >
> > The gssproxy has the potential of handling also init_sec_context calls,
> > but at the moment the only targeted system is nfsd.
>
> OK, absent objections from anyone else I'm commiting these for 3.6 and
> pushing them out soon pending some regression testing. Thanks!
Whoops, I spoke too soon. I'll take a quick look tomorrow, but if you
have an idea that would be great....
The code I'm running is in
git://linux-nfs.org/~bfields/linux-topics.git for-3.6-incoming
Looks like the BUG() case in gss_get_mic_kerberos(), so ctx->enctype is
bogus--maybe a context isn't getting initialized right?
--b.
kernel BUG at net/sunrpc/auth_gss/gss_krb5_seal.c:213!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU 1
Modules linked in: rpcsec_gss_krb5 iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi nfsd lockd nfs_acl auth_rpcgss sunrpc [last unloaded: scsi_wait_scan]
Pid: 4924, comm: nfsd Not tainted 3.5.0-rc3-00104-g3521b3f #14 Bochs Bochs
RIP: 0010:[<ffffffffa00e4076>] [<ffffffffa00e4076>] gss_get_mic_kerberos+0x26/0x310 [rpcsec_gss_krb5]
RSP: 0018:ffff880035ed9aa0 EFLAGS: 00010202
RAX: ffffffffa00e7e20 RBX: ffff8800392398f8 RCX: ffff880032c53000
RDX: ffff880035ed9ba0 RSI: ffff880035ed9b50 RDI: ffff880036ffd8b8
RBP: ffff880035ed9b30 R08: 0000000000000000 R09: ffff8800391afb20
R10: 0000000000000000 R11: 0000000000000001 R12: ffff880032c53014
R13: ffff880035ed9ba0 R14: ffff880035ed9b50 R15: ffff880036ffd8b8
FS: 0000000000000000(0000) GS:ffff88003fc80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f0a38b45000 CR3: 0000000032cc8000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process nfsd (pid: 4924, threadinfo ffff880035ed8000, task ffff88003b326040)
Stack:
ffff880035ed9b10 ffffffffa001c163 0000000000000004 ffff880035f365b0
0000000000015240 00000000000000c0 000000004ffc95c7 0000000000000000
ffff880035e8adf0 ffff880035ed9b20 ffff88003beecda8 ffff880035f36590
Call Trace:
[<ffffffffa001c163>] ? cache_check+0x73/0x380 [sunrpc]
[<ffffffffa0056bd3>] gss_get_mic+0x13/0x20 [auth_rpcgss]
[<ffffffffa0058255>] gss_write_verf+0x95/0x110 [auth_rpcgss]
[<ffffffffa00593bb>] svcauth_gss_legacy_init+0x24b/0x5f0 [auth_rpcgss]
[<ffffffffa0059170>] ? svcauth_gss_register_pseudoflavor+0xc0/0xc0 [auth_rpcgss]
[<ffffffffa005a1f1>] svcauth_gss_accept+0x501/0xa90 [auth_rpcgss]
[<ffffffffa0059cf0>] ? svcauth_gss_proxy_init+0x590/0x590 [auth_rpcgss]
[<ffffffffa0013aca>] ? svc_authenticate+0x5a/0xe0 [sunrpc]
[<ffffffffa0013aca>] ? svc_authenticate+0x5a/0xe0 [sunrpc]
[<ffffffffa0013b36>] svc_authenticate+0xc6/0xe0 [sunrpc]
[<ffffffffa000f57d>] svc_process_common+0x20d/0x690 [sunrpc]
[<ffffffff81079750>] ? try_to_wake_up+0x330/0x330
[<ffffffffa0087bd0>] ? nfsd_svc+0x230/0x230 [nfsd]
[<ffffffffa000fd50>] svc_process+0x110/0x160 [sunrpc]
[<ffffffffa0087c8d>] nfsd+0xbd/0x1a0 [nfsd]
[<ffffffffa0087bd0>] ? nfsd_svc+0x230/0x230 [nfsd]
[<ffffffff8106675e>] kthread+0x9e/0xb0
[<ffffffff819af494>] kernel_thread_helper+0x4/0x10
[<ffffffff819a735d>] ? retint_restore_args+0xe/0xe
[<ffffffff810666c0>] ? __init_kthread_worker+0x70/0x70
[<ffffffff819af490>] ? gs_change+0xb/0xb
Code: fe ff ff 90 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 68 66 66 66 66 90 48 8b 5f 08 49 89 f6 49 89 d5 83 7b 04 17 76 04 <0f> 0b eb fe 48 63 4b 04 b8 01 00 00 00 48 d3 e0 a9 50 00 80 00
RIP [<ffffffffa00e4076>] gss_get_mic_kerberos+0x26/0x310 [rpcsec_gss_krb5]
RSP <ffff880035ed9aa0>
---[ end trace 797c56ca0aa53457 ]---
next prev parent reply other threads:[~2012-07-10 21:05 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-25 22:09 [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd Simo Sorce
2012-05-25 22:09 ` [PATCH 1/4] SUNRPC: conditionally return endtime from import_sec_context Simo Sorce
2012-05-25 22:09 ` [PATCH 2/4] SUNRPC: Document a bit RPCGSS handling in the NFS Server Simo Sorce
2012-05-25 22:09 ` [PATCH 3/4] SUNRPC: Add RPC based upcall mechanism for RPCGSS auth Simo Sorce
2012-05-25 22:09 ` [PATCH 4/4] SUNRPC: Use gssproxy upcall for nfsd's RPCGSS authentication Simo Sorce
2012-07-10 20:49 ` [PATCH 0/4] Add support for new RPCSEC_GSS upcall mechanism for nfsd J. Bruce Fields
2012-07-10 21:05 ` J. Bruce Fields [this message]
2012-07-12 12:39 ` J. Bruce Fields
2012-07-12 22:05 ` Simo Sorce
2012-07-12 22:42 ` J. Bruce Fields
2012-07-10 21:52 ` Myklebust, Trond
2012-07-10 21:56 ` J. Bruce Fields
2012-07-10 22:12 ` Myklebust, Trond
2012-07-10 22:25 ` Myklebust, Trond
2012-07-10 22:38 ` J. Bruce Fields
2012-07-10 22:58 ` Myklebust, Trond
2012-07-11 17:03 ` J. Bruce Fields
2012-07-11 17:27 ` J. Bruce Fields
2012-07-11 17:49 ` Myklebust, Trond
2012-07-12 22:10 ` J. Bruce Fields
2012-07-13 15:43 ` J. Bruce Fields
2012-08-08 19:36 ` J. Bruce Fields
2012-08-08 19:43 ` J. Bruce Fields
2012-08-08 20:12 ` Stanislav Kinsbursky
2012-08-21 14:16 ` J. Bruce Fields
2012-08-21 14:25 ` Myklebust, Trond
2012-08-21 14:29 ` J. Bruce Fields
2012-08-21 14:27 ` Stanislav Kinsbursky
2012-08-10 13:07 ` Stanislav Kinsbursky
2012-07-11 11:15 ` Simo Sorce
2012-07-13 15:45 ` J. Bruce Fields
2012-07-13 15:55 ` Simo Sorce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120710210511.GB6038@fieldses.org \
--to=bfields@fieldses.org \
--cc=bfields@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=simo@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.