[OpenAFS] token and linux "access key retention"?

Marc Dionne marc.c.dionne@gmail.com
Wed, 27 May 2009 08:36:20 -0400

On Wed, May 27, 2009 at 7:37 AM, David Howells <dhowells@redhat.com> wrote:
> Andreas Hirczy <ahi@itp.tugraz.at> wrote:
>> May 27 08:15:42 faeppc02 kernel: kernel BUG at kernel/cred.c:360!
>> ...
>> May 27 08:15:42 faeppc02 kernel: EIP is at commit_creds+0x24/0x12c
>> ...
>> May 27 08:15:42 faeppc02 kernel: =A0[<c016c20b>] ? sys_faccessat+0x90/0x=
> The problem is that sys_faccessat() overrides the current credentials of =
> task with slightly modified ones before calling into the filesystem. You'=
> then calling commit_creds() which would otherwise revert that change, and=
> commit_creds() throws an assertion failure:
> =A0 =A0 =A0 =A0BUG_ON(task->cred !=3D task->real_cred);
> I have a series of about 150 patches standing at about 5MB in size to pas=
s the
> effective creds down through the function calls rather than stashing it i=
n the
> task_struct, but it's quite icky, especially when it comes to dealing wit=
> ioctl...
> What exactly is crset() doing at the moment?
> David

There's already a patch for this in CVS - see delta
STABLE14-linux26-defer-cred-changing-20090511 for the diff and a
little explanation.

crset() is trying to adjust the groups so that they show a newly added
keyring based PAG for things that rely on the group list.  The fix is
simply to defer this adjustment until we're not in a state where the
credentials are overridden.