[OpenAFS] token and linux "access key retention"?
Wed, 27 May 2009 08:36:20 -0400
On Wed, May 27, 2009 at 7:37 AM, David Howells <email@example.com> wrote:
> Andreas Hirczy <firstname.lastname@example.org> wrote:
>> May 27 08:15:42 faeppc02 kernel: kernel BUG at kernel/cred.c:360!
>> May 27 08:15:42 faeppc02 kernel: EIP is at commit_creds+0x24/0x12c
>> May 27 08:15:42 faeppc02 kernel: =A0[<c016c20b>] ? sys_faccessat+0x90/0x=
> The problem is that sys_faccessat() overrides the current credentials of =
> task with slightly modified ones before calling into the filesystem. You'=
> then calling commit_creds() which would otherwise revert that change, and=
> commit_creds() throws an assertion failure:
> =A0 =A0 =A0 =A0BUG_ON(task->cred !=3D task->real_cred);
> I have a series of about 150 patches standing at about 5MB in size to pas=
> effective creds down through the function calls rather than stashing it i=
> task_struct, but it's quite icky, especially when it comes to dealing wit=
> What exactly is crset() doing at the moment?
There's already a patch for this in CVS - see delta
STABLE14-linux26-defer-cred-changing-20090511 for the diff and a
crset() is trying to adjust the groups so that they show a newly added
keyring based PAG for things that rely on the group list. The fix is
simply to defer this adjustment until we're not in a state where the
credentials are overridden.