[OpenAFS] token and linux "access key retention"?
Andreas Hirczy
ahi@itp.tugraz.at
Wed, 27 May 2009 13:18:37 +0200
Hi!
I get interesting effects with openafs 1.4.10+dfsg1 and linux 2.6.29.3 and
2.6.29.4, both backported to Debian stable.
On one 64-bit machine (amd64) several ssh connections are within the same PAG;
"id" does not show me the usual long group number, but there are lots
of entries matching "afs_pag" inside /proc/keys. On these kernels KEYS
and KEYS_DEBUG_PROC_KEYS were activated.
When I log in I get Kerberos TGT and an AFS ticket, but no token
(should be provided by pam). Aklog works, afterward I get tokens in all
other SSH sessions. "unlog" in one session destroys all other tokens.
On other computers of the same kind everything works as expected. The
troubling machine (Dual Intel Xeon E5430) is used as a login server for
our students and sees a max of about 20 concurrent users and several
hundred logins per day - the working machines are used for number
crunching and do not see many interactive logins, none of them via a
graphical user interface.
On 32-bit machines (i686) gdm fails on the second login, while the first login
works. On these kernels KEYS was activated, but not
KEYS_DEBUG_PROC_KEYS.
May 27 08:15:42 faeppc02 kernel: ------------[ cut here ]------------
May 27 08:15:42 faeppc02 kernel: kernel BUG at kernel/cred.c:360!
May 27 08:15:42 faeppc02 kernel: invalid opcode: 0000 [#1] SMP
May 27 08:15:42 faeppc02 kernel: last sysfs file: /sys/devices/pci0000:00/0000:00:1d.3/pools
May 27 08:15:42 faeppc02 kernel: Modules linked in: xt_multiport iptable_filter ip_tables x_tables i915 fb drm i2c_algo_bit cfbcopyarea cfbimgblt cfbfillrect binfmt_misc openafs(P) rfcomm l2cap bluetooth ppdev lp cpufreq_stats cpufreq_userspace cpufreq_ondemand freq_table dm_snapshot dm_mirror dm_region_hash dm_log dm_mod fuse snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd i2c_i801 i2c_core soundcore snd_page_alloc sky2 intel_agp rtc_cmos rtc_core rtc_lib parport_pc parport sr_mod evdev
May 27 08:15:42 faeppc02 kernel:
May 27 08:15:42 faeppc02 kernel: Pid: 3924, comm: gdm Tainted: P (2.6.29.3 #1) SG31
May 27 08:15:42 faeppc02 kernel: EIP: 0060:[<c013961d>] EFLAGS: 00010283 CPU: 1
May 27 08:15:42 faeppc02 kernel: EIP is at commit_creds+0x24/0x12c
May 27 08:15:42 faeppc02 kernel: EAX: f70ea5f0 EBX: f68c7440 ECX: 00000000 EDX: 00008282
May 27 08:15:42 faeppc02 kernel: ESI: f68c77c0 EDI: f71af540 EBP: f0d05d98 ESP: f0d05d88
May 27 08:15:42 faeppc02 kernel: DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
May 27 08:15:42 faeppc02 kernel: Process gdm (pid: 3924, ti=f0d05000 task=f70ea5f0 task.ti=f0d05000)
May 27 08:15:42 faeppc02 kernel: Stack:
May 27 08:15:42 faeppc02 kernel: f70ea5f0 e48c3860 f68c7440 e490ab80 f0d05dac f85db549 f0d05de4 00000001
May 27 08:15:42 faeppc02 kernel: e490ab80 f0d05dd8 f85dba29 f8600924 f0d05de8 f0d05de4 00000000 e490a480
May 27 08:15:42 faeppc02 kernel: 00000001 411ba215 e48ca7c0 e8826dc0 f0d05df4 f85ac0ab 00000000 e48c3860
May 27 08:15:42 faeppc02 kernel: Call Trace:
May 27 08:15:42 faeppc02 kernel: [<f85db549>] ? crset+0x59/0x7b [openafs]
May 27 08:15:42 faeppc02 kernel: [<f85dba29>] ? __setpag+0x170/0x18e [openafs]
May 27 08:15:42 faeppc02 kernel: [<f85ac0ab>] ? PagInCred+0x7c/0x97 [openafs]
May 27 08:15:42 faeppc02 kernel: [<f85ac0ff>] ? afs_InitReq+0x39/0x4d [openafs]
May 27 08:15:42 faeppc02 kernel: [<f85b61c3>] ? afs_access+0x60/0x341 [openafs]
May 27 08:15:42 faeppc02 kernel: [<f85e0649>] ? afs_linux_permission+0x6e/0xc9 [openafs]
May 27 08:15:42 faeppc02 kernel: [<c01730cd>] ? inode_permission+0x56/0x6b
May 27 08:15:42 faeppc02 kernel: [<c0174471>] ? __link_path_walk+0x108/0xb1f
May 27 08:15:42 faeppc02 kernel: [<c01fef98>] ? copy_to_user+0x2c/0xfc
May 27 08:15:42 faeppc02 kernel: [<c03162c9>] ? move_addr_to_user+0x40/0x57
May 27 08:15:42 faeppc02 kernel: [<c0175016>] ? path_walk+0x50/0xa5
May 27 08:15:42 faeppc02 kernel: [<c01751ea>] ? do_path_lookup+0x12e/0x148
May 27 08:15:42 faeppc02 kernel: [<c0174337>] ? getname+0x62/0x94
May 27 08:15:42 faeppc02 kernel: [<c0175a9a>] ? user_path_at+0x3c/0x67
May 27 08:15:42 faeppc02 kernel: [<c017e3b8>] ? mntput_no_expire+0x1c/0xed
May 27 08:15:42 faeppc02 kernel: [<c016c20b>] ? sys_faccessat+0x90/0x14a
May 27 08:15:42 faeppc02 kernel: [<c016dca7>] ? fput+0x19/0x1b
May 27 08:15:42 faeppc02 kernel: [<c016c2d5>] ? sys_access+0x10/0x12
May 27 08:15:42 faeppc02 kernel: [<c0102dc5>] ? sysenter_do_call+0x12/0x25
May 27 08:15:42 faeppc02 kernel: [<c0380000>] ? pci_read_bridge_bases+0xc0/0x2aa
May 27 08:15:42 faeppc02 kernel: Code: e8 df fe ff ff 5d c3 55 89 e5 57 56 53 89 c3 83 ec 04 64 a1 00 50 54 c0 89 45 f0 8b b0 a8 02 00 00 8b b8 a4 02 00 00 39 fe 74 04 <0f> 0b eb fe 8b 06 48 7f 04 0f 0b eb fe 8b 03 85 c0 7f 04 0f 0b
May 27 08:15:42 faeppc02 kernel: EIP: [<c013961d>] commit_creds+0x24/0x12c SS:ESP 0068:f0d05d88
May 27 08:15:42 faeppc02 kernel: ---[ end trace 5f9e7b24d7bea96a ]---
I'll try with "access key retention" disabled - will report if this works
better.
Best regards
Andreas
--
Andreas Hirczy <ahi@itp.tugraz.at> http://itp.tugraz.at/~ahi/
Graz University of Technology phone: +43/316/873- 8190
Institute of Theoretical and Computational Physics fax: +43/316/873-10 8190
Petersgasse 16, A-8010 Graz mobile: +43/664/859 23 57
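
Added example, not part of the original message and not OpenAFS code: a small parser for the /proc/keys listing mentioned above that counts "afs_pag" keys per UID and lists revoked, dead or expired ones, which helps when comparing the affected login server with a working machine. The sample lines are constructed, the "_pag: 4" description text is an assumption, and only the leading columns documented for /proc/keys are relied on.

```python
import re
from collections import Counter

# Leading columns of a /proc/keys line as documented by the kernel:
# serial, flags, usage count, timeout, permission mask, uid, gid, type, description.
LINE_RE = re.compile(
    r"^(?P<serial>[0-9a-f]{8})\s+(?P<flags>\S+)\s+(?P<usage>\d+)\s+"
    r"(?P<timeout>\S+)\s+(?P<perm>[0-9a-f]{8})\s+(?P<uid>-?\d+)\s+"
    r"(?P<gid>-?\d+)\s+(?P<type>\S+)\s+(?P<desc>.*)$"
)

# Constructed sample input (not taken from the reporter's machines).
SAMPLE = """\
0a1b2c3d I--Q--     2 perm 3f010000  1001    -1 afs_pag   _pag: 4
1b2c3d4e I--Q--     1 perm 3f010000  1001    -1 afs_pag   _pag: 4
2c3d4e5f IR-Q--     1 perm 3f010000  1002    -1 afs_pag   _pag: 4
3d4e5f60 I-----     4 perm 1f3f0000  1001    -1 keyring   _uid.1001: empty
"""

def parse_proc_keys(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    keys = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            keys.append(m.groupdict())
    return keys

def afs_pag_report(text):
    """Per-UID count of afs_pag keys, plus serials of keys no longer usable."""
    per_uid = Counter()
    stale = []
    for k in parse_proc_keys(text):
        if k["type"] != "afs_pag":
            continue
        per_uid[int(k["uid"])] += 1
        # Flag letters: R = revoked, D = dead; timeout "expd" = expired.
        if k["timeout"] == "expd" or "R" in k["flags"] or "D" in k["flags"]:
            stale.append(k["serial"])
    return dict(per_uid), stale

if __name__ == "__main__":
    # /proc/keys lists only the keys the reading process is permitted to view.
    with open("/proc/keys") as fh:
        print(afs_pag_report(fh.read()))
```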