[OpenAFS] token and linux "access key retention"?
Marc Dionne
marc.c.dionne@gmail.com
Wed, 27 May 2009 08:36:20 -0400
On Wed, May 27, 2009 at 7:37 AM, David Howells <dhowells@redhat.com> wrote:
>
> Andreas Hirczy <ahi@itp.tugraz.at> wrote:
>
>> May 27 08:15:42 faeppc02 kernel: kernel BUG at kernel/cred.c:360!
>> ...
>> May 27 08:15:42 faeppc02 kernel: EIP is at commit_creds+0x24/0x12c
>> ...
>> May 27 08:15:42 faeppc02 kernel: =A0[<c016c20b>] ? sys_faccessat+0x90/0x=
14a
>
> The problem is that sys_faccessat() overrides the current credentials of =
the
> task with slightly modified ones before calling into the filesystem. You'=
re
> then calling commit_creds() which would otherwise revert that change, and=
so
> commit_creds() throws an assertion failure:
>
> =A0 =A0 =A0 =A0BUG_ON(task->cred !=3D task->real_cred);
>
> I have a series of about 150 patches standing at about 5MB in size to pas=
s the
> effective creds down through the function calls rather than stashing it i=
n the
> task_struct, but it's quite icky, especially when it comes to dealing wit=
h
> ioctl...
>
> What exactly is crset() doing at the moment?
>
> David
There's already a patch for this in CVS - see delta
STABLE14-linux26-defer-cred-changing-20090511 for the diff and a
little explanation.
crset() is trying to adjust the groups so that they show a newly added
keyring based PAG for things that rely on the group list. The fix is
simply to defer this adjustment until we're not in a state where the
credentials are overridden.
Marc