Re: Panic during samba mount

[Nicolas Thery <nthery@xxxxxxxxx>]

On 10 July 2010 08:33, Nicolas Thery <nthery@gmail.com> wrote:
> I reproduced the bug and I'm giving it a look.
> Cheers,
> Nicolas
>
> On 2 July 2010 19:27, Tero Jaasko
> <tero.jaasko.no.spam.please@mail.suomi.net> wrote:
>>
>> Hello,
>> I am getting a "Fatal trap 12: page fault while in kernel mode" -panic on
>> a samba mount command, e.g.
>> "mount_smbfs -I 192.168.0.195 //guest@192.168.0.195/share /mnt/share/".
[...]
>> There seems to be a problem in prison_replace_wildcards() at
>> sys/kern/kern_jail.c:, as the given "td->td_ucred" is NULL. The attached
>> kgdb.txt contains my attempt at debugging the situation.
>>
>> The panic is 100% reproducible on my system and I have a few kernel dumps
>> from the situation, if somebody needs tehm. I have attached a band-aid kind
>> of patch, which seems to work, at least with it the samba works as expected,
>> but perhaps it is not a correct solution.

td is a samba kernel thread created in smb_iod_create() by calling
kthread_create_compat() which according to its comment is used only for samba.

kthread_create_compat() forks process 0 so the resulting kernel thread is a bit
different from other kernel threads: td->td_ucred == NULL but td->td_proc !=
NULL (it points to the forked process).  This explains why the td_proc == NULL
check at the beginning of prison_replace_wildcard(), which is presumably there
for detecting kernel threads, fails.

prison_remote_ip() already checks if td_ucred != NULL before dereferencing it
so your patch looks good and a committed it.  In the longer term, changing
samba to create a lwkt is probably the way to go.

Thanks for reporting this issue and fixing it.