evince makes openafs to kernel oops

Bug #415766 reported by Björn Torkelsson
This bug affects 10 people
Affects | Status | Importance | Assigned to | Milestone
OpenAFS | Fix Released | Unknown | |
openafs (Ubuntu) | Fix Released | Undecided | Mackenzie Morgan |
Karmic | Fix Released | Undecided | Unassigned |

Bug Description

Impact:
Kernel oops when Evince encounters an AFS-based file in its history list

How the patch addresses it:
Adds credential tracking for AppArmor to AFS

Test case:
Open a file from /afs in Evince
Close it
Wait a while for credentials to expire
Open a non-AFS file in Evince
Watch it crash

Regression potential:
I don't see anything in the patch that looks dangerous.

ProblemType: Bug
Architecture: amd64
Date: Wed Aug 19 08:46:52 2009
DistroRelease: Ubuntu 9.10
NonfreeKernelModules: openafs
Package: openafs-modules-dkms 1.4.11+dfsg-1
ProcEnviron:
 LANGUAGE=en_DK.UTF-8
 LANG=en_DK.UTF-8
 SHELL=/bin/bash
 LC_NUMERIC=en_US.UTF-8
ProcVersionSignature: Ubuntu 2.6.31-6.25-generic
SourcePackage: openafs
Uname: Linux 2.6.31-6-generic x86_64

Björn Torkelsson (torkel) wrote :
Mackenzie Morgan (maco.m) wrote :

Does this always happen? Or perhaps only when you are not authenticated to the realm? If it only happens when you are unauthenticated, perhaps it is an issue with handling "permission denied" or "not found" files.

Marc Dionne (marc-c-dionne) wrote :

Can this be reliably reproduced?
I assume it's selinux or apparmor denying access to the AFS disk cache.

Björn Torkelsson (torkel) wrote :

It does happen when I'm authenticated and yes, I can reproduce it reliably even with kernel 2.6.31-12-generic and openafs 1.4.11+dfsg-1.

The fun thing is that I can read the pdf using acroread.

clark3934 (clark3934) wrote :

I can also confirm and reproduce this bug with kernel 2.6.31-14-generic and openafs 1.4.11+dfsg-1. I tried using openafs compiled for kernel version 2.6.31-14-generic by installing openafs-modules-2.6.31-14-generic, but I encountered the same bug.

Simon Wilkinson (simon-sxw) wrote :

As Marc notes, this is SELinux denying access to the AFS disk cache. Sadly, when OpenAFS cannot open files it expects to see in its cache, it panics, rather than returning a graceful error to userspace.

I'm not familiar with what Ubuntu's SELinux policy looks like (this comment is a drive-by from an OpenAFS developer), but it would be worth investigating there to see what rules it has with respect to /var/cache/openafs

Mackenzie Morgan (maco.m) wrote : Re: [Bug 415766] Re: evince makes openafs to kernel oops

Er....Ubuntu doesn't use SELinux... We have AppArmor. Would that do it?

Marc Dionne (marc-c-dionne) wrote :

From the text of the error it looks like AppArmor rather than selinux, but the issue is the same. I think what is needed is to stash credentials at startup and always use these when dealing with cache files rather than using the current process' credentials. This should not be difficult to do with the credentials API changes from David Howells - just haven't managed to configure selinux locally to be able to reproduce it.

Marc Dionne (marc-c-dionne) wrote :

Didn't see that last comment before posting mine, but yes, the issue is the same with AppArmor and the solution should apply to both.

Marc Dionne (marc-c-dionne) wrote :

Can anyone check if the attached patch helps? It's based on openafs 1.4.11

It works with selinux, but I don't have anything with AppArmor to test.

Thanks,
Marc

Anders Kaseorg (andersk)
Changed in openafs (Ubuntu):
status: New → Confirmed
Anders Kaseorg (andersk) wrote :

I saw the same BUG (osi_file.c:87) without the patch. With the patch, I get an oops during boot instead:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000068
IP: [<ffffffff8141a74c>] aa_cred_policy+0xc/0x40

(See the end of the attached dmesg log.)

clark3934 (clark3934) wrote :

From /var/log/kern.log

Oct 25 18:48:07 clark-pc kernel: [ 922.581867] type=1503 audit(1256510887.946:24): operation="open" pid=2807 parent=1 profile="/usr/bin/evince" requested_mask="::rw" denied_mask="::rw" fsuid=1000 ouid=0 name="/var/cache/openafs/VolumeItems"

If I turn apparmor off for the usr.bin.evince profile, I no longer get the oops.

$ sudo touch /etc/apparmor.d/disable/usr.bin.evince
$ sudo /etc/init.d/apparmor reload

I suppose putting it in complain mode might work as well:

$ sudo aa-complain /usr/bin/evince
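The denial record quoted above is the signature of this bug: a profile for a user application is denied an open on the AFS disk cache because the kernel module does its cache I/O with the calling process's credentials. The following is an added triage example, not part of the original comment or of OpenAFS; it picks such records out of a kernel log, using two records copied from this thread as input. The function names and the field regex are assumptions written for the record format shown here.

```python
import re

CACHE_DIR = "/var/cache/openafs"  # AFS disk cache path named in the thread

# Two AppArmor records copied from this thread (kern.log / dmesg format).
SAMPLE = [
    'Oct 25 18:48:07 clark-pc kernel: [ 922.581867] type=1503 '
    'audit(1256510887.946:24): operation="open" pid=2807 parent=1 '
    'profile="/usr/bin/evince" requested_mask="::rw" denied_mask="::rw" '
    'fsuid=1000 ouid=0 name="/var/cache/openafs/VolumeItems"',
    '[ 83.277835] type=1503 audit(1256812322.793:23): operation="open" '
    'pid=3413 parent=3099 profile="/usr/bin/evince" requested_mask="r::" '
    'denied_mask="r::" fsuid=1000 ouid=1000 name="/data/ffag.ogg"',
]

# key=value pairs; values are either double-quoted or a bare token.
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denial(line):
    """Return the fields of a type=1503 AppArmor record, or None."""
    if "type=1503" not in line:
        return None
    return {key: value.strip('"') for key, value in KV.findall(line)}

def cache_denials(lines, cache_dir=CACHE_DIR):
    """List (profile, operation, denied_mask, name) for denials on the AFS cache."""
    hits = []
    for line in lines:
        rec = parse_denial(line)
        if not rec or not rec.get("denied_mask"):
            continue
        # Only paths inside the cache directory indicate this bug; other
        # denials (e.g. /data/...) are the profile working as intended.
        if rec.get("name", "").startswith(cache_dir + "/"):
            hits.append((rec.get("profile"), rec.get("operation"),
                         rec["denied_mask"], rec["name"]))
    return hits

for hit in cache_denials(SAMPLE):
    print("AFS cache access denied under confined profile:", hit)
```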

Marc Dionne (marc-c-dionne) wrote :

Ok the previous patch had a silly typo, here's an updated version.
I've been able to reproduce this locally on an installation of karmic, and this patch fixes it for me.
If someone can confirm I'll submit it upstream.

sam tygier (samtygier) wrote :

the patch fixes the issue for me. i can read pdf files from afs with no oops.

i still get some audit messages in dmesg from evince. looks like it tries to read lots of random files when you load it.
[ 83.277679] __ratelimit: 30 callbacks suppressed
[ 83.277682] type=1503 audit(1256812322.793:22): operation="open" pid=3413 parent=3099 profile="/usr/bin/evince" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/data/eb-5.4.3-sis900.zdsk"
[ 83.277835] type=1503 audit(1256812322.793:23): operation="open" pid=3413 parent=3099 profile="/usr/bin/evince" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/data/ffag.ogg"
[ 83.277908] type=1503 audit(1256812322.793:24): operation="open" pid=3413 parent=3099 profile="/usr/bin/evince" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/data/flutesbrain.img"
[ 83.748288] type=1503 audit(1256812323.263:25): operation="open" pid=3413 parent=3099 profile="/usr/bin/evince" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/data/flutesbrain20090201.img"
[ 83.748540] type=1503 audit(1256812323.263:26): operation="open" pid=3413 parent=3099 profile="/usr/bin/evince" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/data/openwrt"

these files are not pdfs, and i did not even open a file in the same directory. why does evince try to read them?

description: updated
John Dong (jdong) wrote :

Mackenzie, Please use -1ubuntu0.1 as the version number for the SRU.

Other than that, ACK from MOTU-SRU

John Dong (jdong) wrote :

P.S. Subscribing MOTU-SRU would be awesome too so it doesn't fall under the radar.

Thanks

Mackenzie Morgan (maco.m) wrote :

OK, changing version #. Thanks jdong

Changed in openafs (Ubuntu):
status: Confirmed → Triaged
assignee: nobody → Mackenzie Morgan (maco.m)
Mackenzie Morgan (maco.m) wrote :
Martin Pitt (pitti) wrote :

Accepted openafs into karmic-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in openafs (Ubuntu Karmic):
status: Confirmed → Fix Committed
tags: added: verification-needed
sam tygier (samtygier) wrote :

i have been running with the new module from karmic-proposed. i don't see the oopses that i had before. i have opened various pdfs:
* on afs with credentials
* local with and without credentials

thanks

Mackenzie Morgan (maco.m) wrote : Re: [Bug 415766] Re: evince makes openafs to kernel oops

 tag patch-verified

Martin Pitt (pitti)
tags: added: verification-done
removed: patch-verified verification-needed
Evan Broder (broder) wrote :

Oh, sorry - I should have caught this earlier.

The version number 1.4.11+dfsg1-1ubuntu0.1 won't work because of how module-assistant-built package version numbers work.

When module-assistant builds a package, that package is versioned as $PACKAGE_VERSION+$KERNEL_VERSION, so the new version of the kernel modules will be 1.4.11+dfsg1-1ubuntu0.1+2.6.31-14, which is actually older than the previous 1.4.11+dfsg1-1+2.6.31-14:

fanty:~ evan$ dpkg --compare-versions 1.4.11+dfsg-1ubuntu0.1+2.6.31-14 gt 1.4.11+dfsg-1+2.6.31-14 && echo yes || echo no
no

The version number for the new openafs package needs to be 1.4.11+dfsg-1+ubuntu0.1 for this to work.

Martin Pitt (pitti) wrote :

How weird. Anyway, thanks for catching this! Please reupload.

tags: added: verification-failed
removed: verification-done
Changed in openafs (Ubuntu Karmic):
status: Fix Committed → In Progress
Anders Kaseorg (andersk) wrote :

This is fixed upstream in commit a410b7fd, and in Debian sid with openafs 1.4.11+dfsg-5. I have a PPA build at https://launchpad.net/~anders-kaseorg/+archive/openafs .

openafs (1.4.11+dfsg-5) unstable; urgency=low

  * Apply upstream deltas:
    - [7833e472] Make afsd.pod reflect reality
    - [c9974c7a] Avoid prematurely destroying callback_rxcon
    - [9b37972e] Linux: 2.6.32 - Adapt to writeback changes
    - [abdf72bc] Linux: Avoid deadlock in readdir - release GLOCK for
      filldir
    - [bdb4f98a] Protect rx_call iovq from simultaneous attempts to empty
      it
    - [c08609ae] Avoid using released hosts
    - [a410b7fd] Linux - Fix disk cache access for selinux/AppArmor
      constrained processes (LP: #415766)
    - [49094ccf] Add automatic sysname detection for ARM Linux
    - [525b594a] Make ktc_curpag generally available (LP: #446521)
  * In the postinst of openafs-modules-dkms, if the openafs module is
    already added in DKMS, try to remove it first before adding it. This
    should more correctly handle the case of a user installing this
    package without the correct kernel headers, having it fail in
    postinst, and then installing the correct headers and having dpkg
    attempt to configure the package again. Thanks, Philipp Kaluza.
    (Closes: #553542)

 -- Russ Allbery <email address hidden> Tue, 03 Nov 2009 20:57:21 -0800

openafs (1.4.11+dfsg-4) unstable; urgency=low

  * When changing the name of the source package built by
    openafs-modules-source, we need to change the package name in the
    changelog as well or dpkg-gencontrol explodes. Thanks, Aaron M.
    Ucko. (Closes: #549140)

 -- Russ Allbery <email address hidden> Wed, 30 Sep 2009 18:04:44 -0700

openafs (1.4.11+dfsg-3) unstable; urgency=low

  * Apply upstream deltas:
    - openafs-stable-1_4_x/fileserver-no-negative-fetchdata-20090926:
      never return a negative data length from client reads past the end
      of a file.
    - openafs-stable-1_4_x/fileserver-gethost-r-cleanup-fixes-20090925:
      fix memory leak and possible double-free in error handling cases in
      fileserver.
    - openafs-stable-1_4_x/fileserver-retry-registeraddrs-20090810: retry
      VL_RegisterAddrs in the file server on failure.
    - openafs-stable-1_4_x/kernel-init-vrequest-structure-20090914:
      properly initialize vrequest structure in the kernel.
  * Change the permissions of /var/lib/openafs/local to 0700 to match
    upstream defaults. This directory contains the fssync.sock file used
    for coordination between the fileserver and the volserver, and
    commands sent to that socket are not authenticated. Linux protects
    the socket from unprivileged writes by default, but other operating
    systems do not. Upstream therefore wants this directory to be 0700
    and bosserver will complain by default if it's not. Changing the
    permissions let us drop a patch to bosserver.
  * Fix the second module control file for the standards version, section,
    and maintainer update.
  * Change the source package name of the stripped package generated by
    openafs-modules-source so that, should someone build a Debian source
    package from it, it won't have the ...


Mackenzie Morgan (maco.m) wrote : Debdiff

New debdiff with proper version #

Mackenzie Morgan (maco.m) wrote : Re: [Bug 415766] [NEW] evince makes openafs to kernel oops

this time without autoconf weirdness

Mackenzie Morgan (maco.m) wrote :

One of these days, I'll get this right :)

Mackenzie Morgan (maco.m) wrote :

here jdong

Martin Pitt (pitti) wrote :

There is an openafs upload 1.4.11+dfsg-1+ubuntu0.1 in karmic-proposed queue. I reject this, because this version is already in -proposed. Please bump the version and describe the changes from 0.1 in the 0.2 changelog.

Martin Pitt (pitti) wrote :

Ah, sorry, I missed the "+".

Changed in openafs (Ubuntu Karmic):
status: In Progress → Fix Committed
tags: added: verification-needed
Martin Pitt (pitti) wrote : Please test proposed package

Accepted into karmic-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: removed: verification-failed
Jamie (jj-walker) wrote :

Has resolved the issue for me, thank you.

Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openafs - 1.4.11+dfsg-5

---------------
openafs (1.4.11+dfsg-5) unstable; urgency=low

  * Apply upstream deltas:
    - [7833e472] Make afsd.pod reflect reality
    - [c9974c7a] Avoid prematurely destroying callback_rxcon
    - [9b37972e] Linux: 2.6.32 - Adapt to writeback changes
    - [abdf72bc] Linux: Avoid deadlock in readdir - release GLOCK for
      filldir
    - [bdb4f98a] Protect rx_call iovq from simultaneous attempts to empty
      it
    - [c08609ae] Avoid using released hosts
    - [a410b7fd] Linux - Fix disk cache access for selinux/AppArmor
      constrained processes (LP: #415766)
    - [49094ccf] Add automatic sysname detection for ARM Linux
    - [525b594a] Make ktc_curpag generally available (LP: #446521)
  * In the postinst of openafs-modules-dkms, if the openafs module is
    already added in DKMS, try to remove it first before adding it. This
    should more correctly handle the case of a user installing this
    package without the correct kernel headers, having it fail in
    postinst, and then installing the correct headers and having dpkg
    attempt to configure the package again. Thanks, Philipp Kaluza.
    (Closes: #553542)
 -- Ubuntu Archive Auto-Sync <email address hidden> Tue, 17 Nov 2009 17:46:45 +0000

Changed in openafs (Ubuntu):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openafs - 1.4.11+dfsg-1+ubuntu0.1

---------------
openafs (1.4.11+dfsg-1+ubuntu0.1) karmic-proposed; urgency=low

  * src/afs/LINUX/osi_file.c and src/afs/afs_init.c:
    Fix credential handling for AppArmor (LP: #415766)
    Patch by Marc Dionne
 -- Mackenzie Morgan <email address hidden> Thu, 29 Oct 2009 11:27:01 -0400

Changed in openafs (Ubuntu Karmic):
status: Fix Committed → Fix Released
Changed in openafs:
status: Unknown → Fix Released