Bug 722616
| Summary: | rpc.gssd occasional segfault | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Steven Leikeim <sleikeim> |
| Component: | nfs-utils | Assignee: | Steve Dickson <steved> |
| Status: | CLOSED DUPLICATE | QA Contact: | yanfu,wang <yanwang> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.1 | CC: | christian.cier, jonathan.underwood, sleikeim |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-08-17 12:55:09 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Just a "me too" - reproduced on a rhel 6.1 system. Would it be possible to get a backtrace of the problem? Same issue on SL6.1. Name : nfs-utils Arch : i686 Epoch : 1 Version : 1.2.3 Release : 7.el6 Name : libgssglue Arch : i686 Version : 0.1 Release : 11.el6 Backtrace: ========== #0 0xb7e4be06 in __gss_get_mechanism_cred (union_cred=0x127138, mech_type=0x120424) at g_glue.c:295 #1 0xb7e4ec17 in gss_set_allowable_enctypes (minor_status=0xbfffef2c, cred_handle=0x127138, mech_type=0x120424, num_ktypes=7, ktypes=0x126ff8) at g_set_allowable_enctypes.c:68 #2 0x00116ce8 in limit_krb5_enctypes (sec=0xbfffefac) at krb5_util.c:1349 #3 0x001148dc in create_auth_rpc_client (clp=0x1266a8, clnt_return=0xbffff46c, auth_return=0xbffff468, uid=0, authtype=0) at gssd_proc.c:862 #4 0x001160e9 in process_krb5_upcall (clp=<value optimized out>, uid=0, fd=15, tgtname=0x0, service=0x0) at gssd_proc.c:1039 #5 0x00116b93 in handle_gssd_upcall (clp=0x1266a8) at gssd_proc.c:1294 #6 0x00114466 in scan_poll_results () at gssd_main_loop.c:84 #7 gssd_run () at gssd_main_loop.c:232 #8 0x00113e89 in main (argc=2, argv=0xbffff744) at gssd.c:187 ------- Error output from rpc.gssd -fvvv: ================================= beginning poll dir_notify_handler: sig 37 si 0xbff2c5ac data 0xbff2c62c dir_notify_handler: sig 37 si 0xbff2818c data 0xbff2820c handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt32) handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt32) process_krb5_upcall: service is '<null>' Full hostname for 'host.example.com' is 'host.example.com' Full hostname for 'host.example.com' is 'host.example.com' No key table entry found for HOST.EXAMPLE.COM$@EXAMPLE.COM while getting keytab entry for 'HOST.EXAMPLE.COM$@EXAMPLE.COM' No key table entry found for root/host.example.com while getting keytab entry for 'root/host.example.com' Success getting keytab entry for 'nfs/host.example.com' Successfully obtained machine credentials for principal 'nfs/host.example.com' stored in ccache 'FILE:/tmp/krb5cc_machine_EXAMPLE.COM' INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_EXAMPLE.COM' are good until 1313242027 using FILE:/tmp/krb5cc_machine_EXAMPLE.COM as credentials cache for machine creds using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_EXAMPLE.COM creating context using fsuid 0 (save_uid 0) Segmentation fault (In reply to comment #4) > Same issue on SL6.1. > > Name : nfs-utils > Arch : i686 > Epoch : 1 > Version : 1.2.3 > Release : 7.el6 > > Name : libgssglue > Arch : i686 > Version : 0.1 > Release : 11.el6 > > Backtrace: > ========== > > #0 0xb7e4be06 in __gss_get_mechanism_cred (union_cred=0x127138, > mech_type=0x120424) at g_glue.c:295 Would be possible to dump the contents of both the union_cred and mech_type structures? I am not very familiar with dumping/printing those nested structs/arrays in gdb. If you need further details, please tell me the gdb commands to enter.
Program received signal SIGSEGV, Segmentation fault.
0xb7e4be06 in __gss_get_mechanism_cred (union_cred=0x127138, mech_type=0x120424) at g_glue.c:295
295 if (g_OID_equal(mech_type, &union_cred->mechs_array[i]))
union_cred:
===========
(gdb) p (struct gss_union_cred_t) *0x127138
$12 = {count = 1208632, mechs_array = 0x1, cred_array = 0x1270e8, auxinfo = {name = {length = 1232456, value = 0x2d}, name_type = 0x12de08, creation_time = -1208143224, time_rec = 1313159642,
cred_usage = 86400}}
(gdb)
mech_type:
==========
(gdb) p mech_type
$23 = (gss_OID) 0x120424
(gdb) p (gss_OID) *0x120424
$24 = (struct gss_OID_desc_struct *) 0x9
(gdb)
Just a small additional information: I have tested the same configuration of Kerberos and NFS4 on SL6.0 (latest updates installed) without any problems. The problem seems to have been introduced in 6.1. I'm having a difficult time trying to reproduce this problem,
so for the people that can reproduce this problem could you
please try the nfs-utils in:
http://people.redhat.com/steved/.tmp/bz722616/
to see if the problem is fixed... tia...
I have tested nfs-utils-1.2.3-8.el6.i686.rpm and can report that it is working now on two different machines which were affected by this problem. In my case NFSv4 shares are now successfully mounted when using Kerberos. Only i686 was tested. (In reply to comment #9) > I have tested nfs-utils-1.2.3-8.el6.i686.rpm and can report that it is working > now on two different machines which were affected by this problem. > > In my case NFSv4 shares are now successfully mounted when using Kerberos. > > Only i686 was tested. Thank you for your time! I'm thinking bug #720479 was the cause of this problem too... So I'm going to close this bug as a duplicate of bug #720479 *** This bug has been marked as a duplicate of bug 720479 *** |
Description of problem: On first access (triggered from nfs.mount) rpc.gssd is occasionally observered to segfault. Version-Release number of selected component (if applicable): rpc.gssd from nfs-utils-1.2.3-7 How reproducible: Can occur when attempting to mount an NFS filesystem with option "sec=krb5". If the first request through rpc.gssd succeeds, then no segfaults have been observed. Segfaults have only be observed on the first call through rpc.gssd. Steps to Reproduce: 1. Start rpc.gssd 2. Attempt NFS mount with option "sec=krb5" 3. Actual results: Occasional segfault. Expected results: No segfault. Additional info: On looking at the SRPM for nfs-utils-1.2.3-7 to determinee why rpc.gssd was not functioning correctly for us, a problem was noticed in the way credentials data structures are being used. In the function limit_krb5_enctypes (file utils/gssd/krb5_util.c:1288) calls are made to gss_acquire_cred (line 1304) and gss_set_allowable_enctypes (lines 1320 & 1323) using credh. These 2 functions are using different and incompatable definitions for this structure. In gss_acquire_cred from krb5-1.9-9 (file src/lib/gssapi/mechglue/g_acquire_cred.c:87) the structure returned to credh (above) is of type gss_union_cred_t and has the following definition in lib/gssapi/mechglue/mglueP.h (line 71): /* * Set of Credentials typed on mechanism OID */ typedef struct gss_cred_id_struct { struct gss_cred_id_struct *loopback; int count; gss_OID mechs_array; gss_cred_id_t *cred_array; gss_union_cred_auxinfo auxinfo; } gss_union_cred_desc, *gss_union_cred_t; In gss_set_allowable_enctypes from libgssglue-0.1-11 (g_set_allowable_enctypes.c:37) the following definition is used to access the structure (from src/mglueP.h:51 in libgssglue-0.1-11): /* * Set of Credentials typed on mechanism OID */ typedef struct gss_union_cred_t { int count; gss_OID mechs_array; gss_cred_id_t * cred_array; gss_union_cred_auxinfo auxinfo; } gss_union_cred_desc, *gss_union_cred_t; As these structures are not aligned with each other, segfaults can (and appear to) occur. In any case, incorrect data will be accessed by gss_set_allowable_enctypes. This may affect other functions and uses of these credentials.