[OpenAFS] OpenAFS 1.8.7 on Linux systems running Crowdstrike falcon-sensor
Jonathan Billings
jsbillin@umich.edu
Mon, 8 Mar 2021 14:43:47 -0500
--000000000000a9523e05bd0ba793
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Do you know if it would be OK for me to share my kernel backtrace with the
OpenAFS list?
On Mon, Mar 8, 2021 at 2:37 PM Martin Kelly <martin.kelly@crowdstrike.com>
wrote:
> On Sun, Mar 7, 2021 at 4:34 PM Benjamin Kaduk <mailto:kaduk@mit.edu>
> wrote:
> > > I don't use Crowdstrike so haven't seen it, but can you post the
> backtrace?
>
> > Based on what I've heard from Mr. Proulx at MIT (and from others
> off-list), I have put in a ticket with Crowdstrike asking if I can share
> the kernel backtrace. I honestly feel like it should be OK but I don't
> want to risk my job over it.
>
> Hi,
>
> I=E2=80=99m an engineer at CrowdStrike. There is a known issue in which O=
penAFS
> can cause the CrowdStrike LSM to crash because current->fs can be set to
> NULL in a certain code path in which it should not be NULL because we=E2=
=80=99re in
> process context. I double-checked this on the upstream LSM mailing list
> after looking at a stack trace. I had thought that a bug report had gotte=
n
> back to OpenAFS but it seems like that didn=E2=80=99t happen; sorry about=
that!
>
> Below is the LKML LSM thread regarding this. Please let me know if you
> have any other questions:
>
> https://www.spinics.net/lists/linux-security-module/msg39081.html
> https://www.spinics.net/lists/linux-security-module/msg39083.html
>
--=20
Jonathan Billings <jsbillin@umich.edu> (he/his)
College of Engineering - CAEN - Linux Support
--000000000000a9523e05bd0ba793
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Do you know if it would be OK for me to share my kernel ba=
cktrace with the OpenAFS list?=C2=A0 <br></div><br><div class=3D"gmail_quot=
e"><div dir=3D"ltr" class=3D"gmail_attr">On Mon, Mar 8, 2021 at 2:37 PM Mar=
tin Kelly <<a href=3D"mailto:martin.kelly@crowdstrike.com">martin.kelly@=
crowdstrike.com</a>> wrote:<br></div><blockquote class=3D"gmail_quote" s=
tyle=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);pad=
ding-left:1ex">On Sun, Mar 7, 2021 at 4:34 PM Benjamin Kaduk <mailto:<a =
href=3D"mailto:kaduk@mit.edu" target=3D"_blank">kaduk@mit.edu</a>> wrote=
:<br>
> > I don't use Crowdstrike so haven't seen it, but can you p=
ost the backtrace?<br>
<br>
> Based on what I've heard from Mr. Proulx at MIT (and from others o=
ff-list), I have put in a ticket with Crowdstrike asking if I can share the=
kernel backtrace.=C2=A0 I honestly feel like it should be OK but I don'=
;t want to risk my job over it.<br>
<br>
Hi,<br>
<br>
I=E2=80=99m an engineer at CrowdStrike. There is a known issue in which Ope=
nAFS can cause the CrowdStrike LSM to crash because current->fs can be s=
et to NULL in a certain code path in which it should not be NULL because we=
=E2=80=99re in process context. I double-checked this on the upstream LSM m=
ailing list after looking at a stack trace. I had thought that a bug report=
had gotten back to OpenAFS but it seems like that didn=E2=80=99t happen; s=
orry about that!<br>
<br>
Below is the LKML LSM thread regarding this. Please let me know if you have=
any other questions:<br>
<br>
<a href=3D"https://www.spinics.net/lists/linux-security-module/msg39081.htm=
l" rel=3D"noreferrer" target=3D"_blank">https://www.spinics.net/lists/linux=
-security-module/msg39081.html</a><br>
<a href=3D"https://www.spinics.net/lists/linux-security-module/msg39083.htm=
l" rel=3D"noreferrer" target=3D"_blank">https://www.spinics.net/lists/linux=
-security-module/msg39083.html</a><br>
</blockquote></div><br clear=3D"all"><br>-- <br><div dir=3D"ltr" class=3D"g=
mail_signature"><div dir=3D"ltr">Jonathan Billings <<a href=3D"mailto:js=
billin@umich.edu" target=3D"_blank">jsbillin@umich.edu</a>> (he/his)<br>=
College of Engineering - CAEN - Linux Support<br></div></div>
--000000000000a9523e05bd0ba793--