145778 – [zfs] [panic] panic in zfs_fuid_map_id (known issue fixed in opensolaris)

Bug 145778 - [zfs] [panic] panic in zfs_fuid_map_id (known issue fixed in opensolaris)

Summary: [zfs] [panic] panic in zfs_fuid_map_id (known issue fixed in opensolaris)

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	8.0-STABLE
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-fs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-04-17 15:20 UTC by Alistair Phipps
Modified:	2010-09-15 17:20 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alistair Phipps 2010-04-17 15:20:01 UTC

Certain files on my zfs pool imported from Solaris cause a kernel panic when accessed, even just listing a directory.  The console says "panic: zfs_fuid_map_id".  I believe this issue is http://bugs.opensolaris.org/view_bug.do?bug_id=6746456 -- can this fix go into freebsd?

Fix: 

http://bugs.opensolaris.org/view_bug.do?bug_id=6746456 -- not sure how to find source change for this
How-To-Repeat: With my zpool, I can reproduce the panic all the time by accessing a particular directory.  It also occurs when running a scrub.

Comment 1 Mark Linimon freebsd_committer

2010-04-17 15:57:21 UTC

Responsible Changed
From-To: freebsd-bugs->freebsd-fs

Over to maintainer(s).

Comment 2 Alistair Phipps 2010-05-08 19:37:08 UTC

The box is crashing nightly with this panic when running
/etc/periodic/daily/450.status-security.

I figured out how to get a crash dump and think I was too hasty in
associating this with the opensolaris bug.   Here's the backtrace:

#0  doadump () at pcpu.h:246
#1  0x805b1447 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:416
#2  0x805b1739 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:579
#3  0x84cd17ad in zfs_fuid_map_id (zfsvfs=0x86573000, fuid=4294967314,
    cr=0x86a6c980, type=ZFS_GROUP)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_fuid.c:395
#4  0x84cd181f in zfs_groupmember (zfsvfs=0x86573000, id=Unhandled
dwarf expression opcode 0x93
)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_fuid.c:713
#5  0x84ce1a9d in zfs_zaccess_common (zp=0x88033000, v4_mode=Variable
"v4_mode" is not available.
)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c:2292
#6  0x84ce1dc7 in zfs_zaccess (zp=0x88033000, mode=128, flags=0, skipaclchk=0,
    cr=0x86a6c980)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_acl.c:2411
#7  0x84cf6ab4 in zfs_freebsd_getattr (ap=0xd6ac7ac4)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c:2356
#8  0x80844ea2 in VOP_GETATTR_APV (vop=0x84d5aaa0, a=0xd6ac7ac4)
    at vnode_if.c:697
#9  0x806490c9 in vn_stat (vp=0x879a5c90, sb=0xd6ac7afc,
    active_cred=0x86a6c980, file_cred=0x0, td=0x86ff4000) at vnode_if.h:309
#10 0x806404ed in kern_statat_vnhook (td=0x86ff4000, flag=512, fd=-100,
    path=0x2824b6b8 <Address 0x2824b6b8 out of bounds>, pathseg=UIO_USERSPACE,
    sbp=0xd6ac7c18, hook=0) at /usr/src/sys/kern/vfs_syscalls.c:2358
#11 0x8064062c in kern_statat (td=0x86ff4000, flag=512, fd=-100,
    path=0x2824b6b8 <Address 0x2824b6b8 out of bounds>, pathseg=UIO_USERSPACE,
    sbp=0xd6ac7c18) at /usr/src/sys/kern/vfs_syscalls.c:2336
#12 0x80640666 in kern_lstat (td=0x86ff4000,
    path=0x2824b6b8 <Address 0x2824b6b8 out of bounds>, pathseg=UIO_USERSPACE,
    sbp=0xd6ac7c18) at /usr/src/sys/kern/vfs_syscalls.c:2409
#13 0x8064070f in lstat (td=0x86ff4000, uap=0xd6ac7cf8)
    at /usr/src/sys/kern/vfs_syscalls.c:2399
#14 0x8082fb93 in syscall (frame=0xd6ac7d38)
    at /usr/src/sys/i386/i386/trap.c:1111
#15 0x80812390 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:261
#16 0x00000033 in ?? ()

Here's the offending code:

#ifdef TODO
        if (type == ZFS_OWNER || type == ZFS_ACE_USER) {
                (void) kidmap_getuidbysid(crgetzone(cr), domain,
                    FUID_RID(fuid), &id);
        } else {
                (void) kidmap_getgidbysid(crgetzone(cr), domain,
                    FUID_RID(fuid), &id);
        }
#else
        panic(__func__);
#endif

The code in opensolaris doesn't have the ifdef TODO block:
http://src.opensolaris.org/source/xref/systemz/sirius/usr/src/uts/common/fs/zfs/zfs_fuid.c

Based on the function names, it *sounds* as if Windows/CIFS SIDs are
stored instead of UIDs when a ZFS partition is accessed using the
sharesmb functionality on OpenSolaris.  However, sharesmb appears to
not be supported under FreeBSD (reports "unsupported share protocol:
1") and it looks like FreeBSD has some unimplemented code where it
will panic upon encountering files with associated SIDs set up on
OpenSolaris (the TODO block above).

Should this be listed on the ZFS known issues page
(http://wiki.freebsd.org/ZFS)?  Is there a workaround for this, e.g.
some way to strip the SIDs from my ZFS?  I don't have a need to
preserve them.  If I change the panic line to return 0, will that make
the offending files owned by root?

Thanks for any help.

Comment 3 Alistair Phipps 2010-05-09 00:40:22 UTC

I tried changing the panic to a return (uid_t) 0; and it seems to have
worked -- no more panic and I'm able to access my files.  This seems
to be an acceptable workaround for others in the same situation.  I
think the files now have uid/gid 0 (root:wheel) which could be a
security risk on a multi-user system.

Comment 4 dfilter service freebsd_committer

2010-07-23 00:30:35 UTC

Author: mm
Date: Thu Jul 22 23:30:24 2010
New Revision: 210398
URL: http://svn.freebsd.org/changeset/base/210398

Log:
  Enable fake resolving of SMB RIDs by using nulldomain and UID_NOBODY
  - fixes panics when Solaris/OpenSolaris pools that contain files
  uploaded with the SMB protocol are accessed
  
  Enable seting/unsetting the sharesmb property (dummy action)
  - allows users who import pools from Solaris/Opensolaris to unset
  the sharesmb property and get rid of annoying messages
  
  PR:		kern/145778, kern/148709
  Approved by:	pjd, delphij (mentor)
  MFC after:	7 weeks

Modified:
  head/cddl/contrib/opensolaris/lib/libzfs/common/libzfs_dataset.c
  head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_fuid.c

Modified: head/cddl/contrib/opensolaris/lib/libzfs/common/libzfs_dataset.c
==============================================================================
--- head/cddl/contrib/opensolaris/lib/libzfs/common/libzfs_dataset.c	Thu Jul 22 23:23:39 2010	(r210397)
+++ head/cddl/contrib/opensolaris/lib/libzfs/common/libzfs_dataset.c	Thu Jul 22 23:30:24 2010	(r210398)
@@ -1265,7 +1265,6 @@ zfs_prop_set(zfs_handle_t *zhp, const ch
 	case ZFS_PROP_XATTR:
 	case ZFS_PROP_VSCAN:
 	case ZFS_PROP_NBMAND:
-	case ZFS_PROP_SHARESMB:
 		(void) snprintf(errbuf, sizeof (errbuf),
 		    "property '%s' not supported on FreeBSD", propname);
 		ret = zfs_error(hdl, EZFS_PERM, errbuf);

Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_fuid.c
==============================================================================
--- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_fuid.c	Thu Jul 22 23:23:39 2010	(r210397)
+++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_fuid.c	Thu Jul 22 23:30:24 2010	(r210398)
@@ -410,7 +410,7 @@ zfs_fuid_map_id(zfsvfs_t *zfsvfs, uint64
 	domain = zfs_fuid_find_by_idx(zfsvfs, index);
 	ASSERT(domain != NULL);
 
-#ifdef TODO
+#ifdef sun
 	if (type == ZFS_OWNER || type == ZFS_ACE_USER) {
 		(void) kidmap_getuidbysid(crgetzone(cr), domain,
 		    FUID_RID(fuid), &id);
@@ -418,9 +418,9 @@ zfs_fuid_map_id(zfsvfs_t *zfsvfs, uint64
 		(void) kidmap_getgidbysid(crgetzone(cr), domain,
 		    FUID_RID(fuid), &id);
 	}
-#else
-	panic(__func__);
-#endif
+#else	/* sun */
+	id = UID_NOBODY;
+#endif	/* sun */
 	return (id);
 }
 
@@ -514,21 +514,21 @@ zfs_fuid_create_cred(zfsvfs_t *zfsvfs, z
 	if (!zfsvfs->z_use_fuids || !IS_EPHEMERAL(id))
 		return ((uint64_t)id);
 
-#ifdef TODO
+#ifdef sun
 	ksid = crgetsid(cr, (type == ZFS_OWNER) ? KSID_OWNER : KSID_GROUP);
 
 	VERIFY(ksid != NULL);
 	rid = ksid_getrid(ksid);
 	domain = ksid_getdomain(ksid);
-
+#else	/* sun */
+	rid = UID_NOBODY;
+	domain = nulldomain;
+#endif	/* sun */
 	idx = zfs_fuid_find_by_domain(zfsvfs, domain, &kdomain, B_TRUE);
 
 	zfs_fuid_node_add(fuidp, kdomain, rid, idx, id, type);
 
 	return (FUID_ENCODE(idx, rid));
-#else
-	panic(__func__);
-#endif
 }
 
 /*
@@ -597,7 +597,7 @@ zfs_fuid_create(zfsvfs_t *zfsvfs, uint64
 		};
 		domain = fuidp->z_domain_table[idx -1];
 	} else {
-#ifdef TODO
+#ifdef sun
 		if (type == ZFS_OWNER || type == ZFS_ACE_USER)
 			status = kidmap_getsidbyuid(crgetzone(cr), id,
 			    &domain, &rid);
@@ -606,6 +606,7 @@ zfs_fuid_create(zfsvfs_t *zfsvfs, uint64
 			    &domain, &rid);
 
 		if (status != 0) {
+#endif	/* sun */
 			/*
 			 * When returning nobody we will need to
 			 * make a dummy fuid table entry for logging
@@ -613,10 +614,9 @@ zfs_fuid_create(zfsvfs_t *zfsvfs, uint64
 			 */
 			rid = UID_NOBODY;
 			domain = nulldomain;
+#ifdef sun
 		}
-#else
-		panic(__func__);
-#endif
+#endif	/* sun */
 	}
 
 	idx = zfs_fuid_find_by_domain(zfsvfs, domain, &kdomain, B_TRUE);
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"

Comment 5 Jaakko Heinonen freebsd_committer

2010-08-11 15:37:07 UTC

State Changed
From-To: open->closed

Duplicate of kern/148709.

Comment 6 dfilter service freebsd_committer

2010-09-15 17:10:50 UTC

Author: mm
Date: Wed Sep 15 16:10:38 2010
New Revision: 212670
URL: http://svn.freebsd.org/changeset/base/212670

Log:
  MFC r210398:
  
  Enable fake resolving of SMB RIDs by using nulldomain and UID_NOBODY
  - fixes panics when Solaris/OpenSolaris pools that contain files
  uploaded with the SMB protocol are accessed
  
  Enable seting/unsetting the sharesmb property (dummy action)
  - allows users who import pools from Solaris/Opensolaris to unset
  the sharesmb property and get rid of annoying messages
  
  PR:		kern/145778, kern/148709
  Approved by:	pjd, delphij (mentor))

Modified:
  stable/8/cddl/contrib/opensolaris/lib/libzfs/common/libzfs_dataset.c
  stable/8/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_fuid.c
Directory Properties:
  stable/8/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)
  stable/8/sys/dev/xen/xenpci/   (props changed)

Modified: stable/8/cddl/contrib/opensolaris/lib/libzfs/common/libzfs_dataset.c
==============================================================================
--- stable/8/cddl/contrib/opensolaris/lib/libzfs/common/libzfs_dataset.c	Wed Sep 15 16:05:51 2010	(r212669)
+++ stable/8/cddl/contrib/opensolaris/lib/libzfs/common/libzfs_dataset.c	Wed Sep 15 16:10:38 2010	(r212670)
@@ -1265,7 +1265,6 @@ zfs_prop_set(zfs_handle_t *zhp, const ch
 	case ZFS_PROP_XATTR:
 	case ZFS_PROP_VSCAN:
 	case ZFS_PROP_NBMAND:
-	case ZFS_PROP_SHARESMB:
 		(void) snprintf(errbuf, sizeof (errbuf),
 		    "property '%s' not supported on FreeBSD", propname);
 		ret = zfs_error(hdl, EZFS_PERM, errbuf);

Modified: stable/8/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_fuid.c
==============================================================================
--- stable/8/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_fuid.c	Wed Sep 15 16:05:51 2010	(r212669)
+++ stable/8/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_fuid.c	Wed Sep 15 16:10:38 2010	(r212670)
@@ -410,7 +410,7 @@ zfs_fuid_map_id(zfsvfs_t *zfsvfs, uint64
 	domain = zfs_fuid_find_by_idx(zfsvfs, index);
 	ASSERT(domain != NULL);
 
-#ifdef TODO
+#ifdef sun
 	if (type == ZFS_OWNER || type == ZFS_ACE_USER) {
 		(void) kidmap_getuidbysid(crgetzone(cr), domain,
 		    FUID_RID(fuid), &id);
@@ -418,9 +418,9 @@ zfs_fuid_map_id(zfsvfs_t *zfsvfs, uint64
 		(void) kidmap_getgidbysid(crgetzone(cr), domain,
 		    FUID_RID(fuid), &id);
 	}
-#else
-	panic(__func__);
-#endif
+#else	/* sun */
+	id = UID_NOBODY;
+#endif	/* sun */
 	return (id);
 }
 
@@ -514,21 +514,21 @@ zfs_fuid_create_cred(zfsvfs_t *zfsvfs, z
 	if (!zfsvfs->z_use_fuids || !IS_EPHEMERAL(id))
 		return ((uint64_t)id);
 
-#ifdef TODO
+#ifdef sun
 	ksid = crgetsid(cr, (type == ZFS_OWNER) ? KSID_OWNER : KSID_GROUP);
 
 	VERIFY(ksid != NULL);
 	rid = ksid_getrid(ksid);
 	domain = ksid_getdomain(ksid);
-
+#else	/* sun */
+	rid = UID_NOBODY;
+	domain = nulldomain;
+#endif	/* sun */
 	idx = zfs_fuid_find_by_domain(zfsvfs, domain, &kdomain, B_TRUE);
 
 	zfs_fuid_node_add(fuidp, kdomain, rid, idx, id, type);
 
 	return (FUID_ENCODE(idx, rid));
-#else
-	panic(__func__);
-#endif
 }
 
 /*
@@ -597,7 +597,7 @@ zfs_fuid_create(zfsvfs_t *zfsvfs, uint64
 		};
 		domain = fuidp->z_domain_table[idx -1];
 	} else {
-#ifdef TODO
+#ifdef sun
 		if (type == ZFS_OWNER || type == ZFS_ACE_USER)
 			status = kidmap_getsidbyuid(crgetzone(cr), id,
 			    &domain, &rid);
@@ -606,6 +606,7 @@ zfs_fuid_create(zfsvfs_t *zfsvfs, uint64
 			    &domain, &rid);
 
 		if (status != 0) {
+#endif	/* sun */
 			/*
 			 * When returning nobody we will need to
 			 * make a dummy fuid table entry for logging
@@ -613,10 +614,9 @@ zfs_fuid_create(zfsvfs_t *zfsvfs, uint64
 			 */
 			rid = UID_NOBODY;
 			domain = nulldomain;
+#ifdef sun
 		}
-#else
-		panic(__func__);
-#endif
+#endif	/* sun */
 	}
 
 	idx = zfs_fuid_find_by_domain(zfsvfs, domain, &kdomain, B_TRUE);
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"